{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-7375","assignerOrgId":"f23511db-6c3e-4e32-a477-6aa17d310630","state":"PUBLISHED","assignerShortName":"TPLink","dateReserved":"2025-07-09T00:57:53.077Z","datePublished":"2026-03-05T17:47:56.583Z","dateUpdated":"2026-03-06T16:11:17.670Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EAP610 v3","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"1.6.0","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Felix Thümmler"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3.  An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash.  This results in temporary service unavailability until the device is rebooted.<br>This issue affects Omada EAP610 firmware versions prior to 1.6.0.<br>"}],"value":"A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3.  An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash.  This results in temporary service unavailability until the device is rebooted.\nThis issue affects Omada EAP610 firmware versions prior to 1.6.0."}],"impacts":[{"capecId":"CAPEC-6","descriptions":[{"lang":"en","value":"CAPEC-6 Argument Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":6.9,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f23511db-6c3e-4e32-a477-6aa17d310630","shortName":"TPLink","dateUpdated":"2026-03-05T17:47:56.583Z"},"references":[{"tags":["patch"],"url":"https://support.omadanetworks.com/en/product/eap610/v3/"},{"tags":["patch"],"url":"https://support.omadanetworks.com/us/product/eap610/v3/"},{"tags":["vendor-advisory"],"url":"https://support.omadanetworks.com/us/document/118100/"}],"source":{"discovery":"UNKNOWN"},"title":"Unauthenticated Denial-of-Service Vulnerability in Omada EAP610","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-06T15:50:51.854510Z","id":"CVE-2025-7375","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-06T16:11:17.670Z"}}]}}