CVE-2026-1668

Critical

Published: 13 March 2026

Published

13 March 2026

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 33.0th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1668 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Tp-Link Omada Sg2210Mp Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly enforces input validation mechanisms to prevent crafted requests from causing out-of-bounds memory access in the web interface.

SI-16 Memory Protection good match

prevent

Implements memory protection techniques like address space randomization to mitigate out-of-bounds writes leading to memory corruption or RCE.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and patching of flaws like this input validation vulnerability via firmware updates.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote exploitation of the web interface on network switches for RCE or DoS directly enables T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network…

access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Deeper analysisAI

CVE-2026-1668 is a vulnerability in the web interface on multiple Omada switches, where certain external inputs are not adequately validated. This deficiency can lead to out-of-bounds memory access when processing crafted requests. Under specific conditions, the flaw may result in unintended command execution. The issue is linked to CWE-20 (Improper Input Validation) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An unauthenticated attacker with network access to the affected interface can exploit this vulnerability to cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Omada Networks provides mitigation through firmware updates available on their support sites, including regional download pages at https://support.omadanetworks.com/au/download/firmware/, https://support.omadanetworks.com/en/download/firmware/, and https://support.omadanetworks.com/us/download/firmware/, along with detailed documentation at https://support.omadanetworks.com/us/document/118794/ and product information at https://support.omadanetworks.com/us/product/.

Details

CWE(s): CWE-20 CWE-787

Affected Products

tp-link

omada sg2005p-pd firmware

1.0.0 — 1.0.19

tp-link

omada sg2008 firmware

4.20.0 — 4.20.17 · 4.30.0 — 4.30.1

tp-link

omada sg2008p firmware

3.20.0 — 3.20.17 · 3.30.0 — 3.30.1

tp-link

omada sg2016p firmware

1.20.0 — 1.20.17 · 1.30.0 — 1.30.1

tp-link

omada sg2210mp firmware

4.20.0 — 4.20.18 · 5.0.0 — 5.0.15 · 5.20.0 — 5.20.1

tp-link

omada sg2210p firmware

5.20.0 — 5.20.18 · 5.30.0 — 5.30.1

tp-link

omada sg2210xmp-m2 firmware

1.0.0 — 1.0.19

tp-link

omada sg2218 firmware

1.20.0 — 1.20.17 · 1.30.0 — 1.30.1

tp-link

omada sg2218p firmware

1.20.0 — 1.20.17 · 2.0.0 — 2.0.14 · 2.20.0 — 2.20.2

tp-link

omada sg2428lp firmware

1.0.0 — 1.0.13

+29 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-25897Same vendor: Tp-Link

CVE-2026-1315Same vendor: Tp-Link

CVE-2025-25898Same vendor: Tp-Link

CVE-2025-15517Same vendor: Tp-Link

CVE-2025-15606Same vendor: Tp-Link

CVE-2025-9292Same vendor: Tp-Link

CVE-2026-34121Same vendor: Tp-Link

CVE-2025-25901Same vendor: Tp-Link

CVE-2024-57049Same vendor: Tp-Link

CVE-2026-0834Same vendor: Tp-Link

References

https://support.omadanetworks.com/au/download/firmware/
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://support.omadanetworks.com/en/download/firmware/
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://support.omadanetworks.com/us/document/118794/
Vendor Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://support.omadanetworks.com/us/product/
Product · f23511db-6c3e-4e32-a477-6aa17d310630