CVE-2025-7375 - Vulnerability Details - OpenCVE

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.omadanetworks.com/en/product/eap610/v3/
https://support.omadanetworks.com/us/document/118100/
https://support.omadanetworks.com/us/product/eap610/v3/

History

Thu, 05 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.
Title		Unauthenticated Denial-of-Service Vulnerability in Omada EAP610
Weaknesses		CWE-20
References		https://support.omadanetworks.com/en/product/eap610/v3/ https://support.omadanetworks.com/us/document/118100/ https://support.omadanetworks.com/us/product/eap610/v3/
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-03-05T17:47:56.583Z

Updated: 2026-03-05T17:47:56.583Z

Reserved: 2025-07-09T00:57:53.077Z

Link: CVE-2025-7375

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-05T19:16:02.403

Modified: 2026-03-05T19:38:33.877

Link: CVE-2025-7375

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7375", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-07-09T00:57:53.077Z", "datePublished": "2026-03-05T17:47:56.583Z", "dateUpdated": "2026-03-05T17:47:56.583Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EAP610 v3", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "1.6.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Felix Th\u00fcmmler"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device\u2019s HTTP service to crash. This results in temporary service unavailability until the device is rebooted.<br>This issue affects Omada EAP610 firmware versions prior to 1.6.0.<br>"}], "value": "A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device\u2019s HTTP service to crash. This results in temporary service unavailability until the device is rebooted.\nThis issue affects Omada EAP610 firmware versions prior to 1.6.0."}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-03-05T17:47:56.583Z"}, "references": [{"tags": ["patch"], "url": "https://support.omadanetworks.com/en/product/eap610/v3/"}, {"tags": ["patch"], "url": "https://support.omadanetworks.com/us/product/eap610/v3/"}, {"tags": ["vendor-advisory"], "url": "https://support.omadanetworks.com/us/document/118100/"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthenticated Denial-of-Service Vulnerability in Omada EAP610", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device\u2019s HTTP service to crash. This results in temporary service unavailability until the device is rebooted.\nThis issue affects Omada EAP610 firmware versions prior to 1.6.0."}], "id": "CVE-2025-7375", "lastModified": "2026-03-05T19:38:33.877", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-03-05T19:16:02.403", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://support.omadanetworks.com/en/product/eap610/v3/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://support.omadanetworks.com/us/document/118100/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://support.omadanetworks.com/us/product/eap610/v3/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}