Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-1668

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 78 products from tp-link, from tp-link, from tp-link and 75 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2026, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2026-03-13T19:53:58.160

Last Modified

2026-04-02T15:03:02.430

Status

Analyzed

Source

f23511db-6c3e-4e32-a477-6aa17d310630

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System tp-link omada_sg2005p-pd_firmware < 1.0.19 Yes
Hardware tp-link omada_sg2005p-pd - No
Operating System tp-link omada_sg2008_firmware < 4.20.17 Yes
Operating System tp-link omada_sg2008_firmware < 4.30.1 Yes
Hardware tp-link omada_sg2008 - No
Operating System tp-link omada_sg2008p_firmware < 3.20.17 Yes
Operating System tp-link omada_sg2008p_firmware < 3.30.1 Yes
Hardware tp-link omada_sg2008p - No
Operating System tp-link omada_sg2016p_firmware < 1.20.17 Yes
Operating System tp-link omada_sg2016p_firmware < 1.30.1 Yes
Hardware tp-link omada_sg2016p - No
Operating System tp-link omada_sg2210mp_firmware < 4.20.18 Yes
Operating System tp-link omada_sg2210mp_firmware < 5.0.15 Yes
Operating System tp-link omada_sg2210mp_firmware < 5.20.1 Yes
Hardware tp-link omada_sg2210mp - No
Operating System tp-link omada_sg2210p_firmware < 5.20.18 Yes
Operating System tp-link omada_sg2210p_firmware < 5.30.1 Yes
Hardware tp-link omada_sg2210p - No
Operating System tp-link omada_sg2210xmp-m2_firmware < 1.0.19 Yes
Hardware tp-link omada_sg2210xmp-m2 - No
Operating System tp-link omada_sg2218_firmware < 1.20.17 Yes
Operating System tp-link omada_sg2218_firmware < 1.30.1 Yes
Hardware tp-link omada_sg2218 - No
Operating System tp-link omada_sg2218p_firmware < 1.20.17 Yes
Operating System tp-link omada_sg2218p_firmware < 2.0.14 Yes
Operating System tp-link omada_sg2218p_firmware < 2.20.2 Yes
Hardware tp-link omada_sg2218p - No
Operating System tp-link omada_sg2428lp_firmware < 1.0.13 Yes
Hardware tp-link omada_sg2428lp - No
Operating System tp-link omada_sg2428p_firmware < 5.20.20 Yes
Operating System tp-link omada_sg2428p_firmware < 5.30.16 Yes
Hardware tp-link omada_sg2428p - No
Operating System tp-link omada_sg2452lp_firmware < 1.0.13 Yes
Hardware tp-link omada_sg2452lp - No
Operating System tp-link omada_sg3210_firmware < 3.20.17 Yes
Operating System tp-link omada_sg3210_firmware < 3.30.1 Yes
Hardware tp-link omada_sg3210 - No
Operating System tp-link omada_sg3210xhp-m2_firmware < 3.0.21 Yes
Hardware tp-link omada_sg3210xhp-m2 - No
Operating System tp-link omada_sg3210x-m2_firmware < 1.20.1 Yes
Hardware tp-link omada_sg3210x-m2 - No
Operating System tp-link omada_sg3218xp-m2_firmware < 1.0.19 Yes
Hardware tp-link omada_sg3218xp-m2 - No
Operating System tp-link omada_sg3428_firmware < 2.30.16 Yes
Operating System tp-link omada_sg3428_firmware < 2.40.1 Yes
Hardware tp-link omada_sg3428 - No
Operating System tp-link omada_sg3428mp_firmware < 6.20.20 Yes
Operating System tp-link omada_sg3428mp_firmware < 6.30.1 Yes
Hardware tp-link omada_sg3428mp - No
Operating System tp-link omada_sg3428x_firmware < 1.30.17 Yes
Operating System tp-link omada_sg3428x_firmware < 1.40.1 Yes
Hardware tp-link omada_sg3428x - No
Operating System tp-link omada_sg3428xf_firmware < 1.20.16 Yes
Operating System tp-link omada_sg3428xf_firmware < 1.30.1 Yes
Hardware tp-link omada_sg3428xf - No
Operating System tp-link omada_sg3428x-m2_firmware < 1.20.18 Yes
Hardware tp-link omada_sg3428x-m2 - No
Operating System tp-link omada_sg3428xmp_firmware < 3.20.21 Yes
Operating System tp-link omada_sg3428xmp_firmware < 3.30.1 Yes
Hardware tp-link omada_sg3428xmp - No
Operating System tp-link omada_sg3428xmpp_firmware < 1.0.16 Yes
Operating System tp-link omada_sg3428xmpp_firmware < 1.20.1 Yes
Hardware tp-link omada_sg3428xmpp - No
Operating System tp-link omada_sg3428xpp-m2_firmware < 1.20.19 Yes
Hardware tp-link omada_sg3428xpp-m2 - No
Operating System tp-link omada_sg3452_firmware < 1.20.17 Yes
Operating System tp-link omada_sg3452_firmware < 1.30.1 Yes
Hardware tp-link omada_sg3452 - No
Operating System tp-link omada_sg3452p_firmware < 3.30.17 Yes
Operating System tp-link omada_sg3452p_firmware < 3.40.1 Yes
Hardware tp-link omada_sg3452p - No
Operating System tp-link omada_sg3452x_firmware < 1.20.18 Yes
Operating System tp-link omada_sg3452x_firmware < 1.30.1 Yes
Hardware tp-link omada_sg3452x - No
Operating System tp-link omada_sg3452xmpp_firmware < 1.0.15 Yes
Hardware tp-link omada_sg3452xmpp - No
Operating System tp-link omada_sg3452xp_firmware < 2.20.20 Yes
Operating System tp-link omada_sg3452xp_firmware < 2.30.1 Yes
Hardware tp-link omada_sg3452xp - No
Operating System tp-link omada_sl2428p_firmware < 6.20.18 Yes
Hardware tp-link omada_sl2428p - No
Operating System tp-link omada_sx3008f_firmware < 1.20.12 Yes
Hardware tp-link omada_sx3008f - No
Operating System tp-link omada_sx3016f_firmware < 1.20.16 Yes
Operating System tp-link omada_sx3016f_firmware < 1.30.1 Yes
Hardware tp-link omada_sx3016f - No
Operating System tp-link omada_sx3032f_firmware < 1.0.15 Yes
Hardware tp-link omada_sx3032f - No
Operating System tp-link omada_sx3206hpp_firmware < 1.20.12 Yes
Hardware tp-link omada_sx3206hpp - No
Operating System tp-link omada_sx3832_firmware < 1.0.12 Yes
Hardware tp-link omada_sx3832 - No
Operating System tp-link omada_sx3832mpp_firmware < 1.0.11 Yes
Hardware tp-link omada_sx3832mpp - No
Operating System tp-link omada_tl-sg2428p_firmware < 4.0.26 Yes
Hardware tp-link omada_tl-sg2428p - No
Operating System tp-link omada_tl-sg3428mp_firmware < 5.0.25 Yes
Hardware tp-link omada_tl-sg3428mp - No
Operating System tp-link omada_tl-sg3452p_firmware < 3.0.22 Yes
Hardware tp-link omada_tl-sg3452p - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For tp-link's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.