Cyber Posture

CVE-2026-1668

Critical

Published: 13 March 2026

Modified: 02 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.

An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly enforces input validation mechanisms to prevent crafted requests from causing out-of-bounds memory access in the web interface.

prevent: Implements memory protection techniques like address space randomization to mitigate out-of-bounds writes leading to memory corruption or RCE.

prevent: Ensures timely identification, reporting, and patching of flaws like this input validation vulnerability via firmware updates.

Security Summary [AI]

CVE-2026-1668 is a vulnerability in the web interface on multiple Omada switches, where certain external inputs are not adequately validated. This deficiency can lead to out-of-bounds memory access when processing crafted requests. Under specific conditions, the flaw may result in unintended command execution. The issue is linked to CWE-20 (Improper Input Validation) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An unauthenticated attacker with network access to the affected interface can exploit this vulnerability to cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Omada Networks provides mitigation through firmware updates available on their support sites, including regional download pages at https://support.omadanetworks.com/au/download/firmware/, https://support.omadanetworks.com/en/download/firmware/, and https://support.omadanetworks.com/us/download/firmware/, along with detailed documentation at https://support.omadanetworks.com/us/document/118794/ and product information at https://support.omadanetworks.com/us/product/.

Details

CWE(s): CWE-20 (Improper Input Validation), CWE-787 (Out-of-bounds Write)

Affected Products

tp-link omada sg2005p-pd firmware: 1.0.0 — 1.0.19
tp-link omada sg2008 firmware: 4.20.0 — 4.20.17 · 4.30.0 — 4.30.1
tp-link omada sg2008p firmware: 3.20.0 — 3.20.17 · 3.30.0 — 3.30.1
tp-link omada sg2016p firmware: 1.20.0 — 1.20.17 · 1.30.0 — 1.30.1
tp-link omada sg2210mp firmware: 4.20.0 — 4.20.18 · 5.0.0 — 5.0.15 · 5.20.0 — 5.20.1
tp-link omada sg2210p firmware: 5.20.0 — 5.20.18 · 5.30.0 — 5.30.1
tp-link omada sg2210xmp-m2 firmware: 1.0.0 — 1.0.19
tp-link omada sg2218 firmware: 1.20.0 — 1.20.17 · 1.30.0 — 1.30.1
tp-link omada sg2218p firmware: 1.20.0 — 1.20.17 · 2.0.0 — 2.0.14 · 2.20.0 — 2.20.2
tp-link omada sg2428lp firmware: 1.0.0 — 1.0.13

+29 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Unauthenticated remote exploitation of the web interface on network switches for RCE or DoS directly enables T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
