← Back

Deco

deco

Vendor: Tp Link • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-9293
1Tp Link
14Aginet
DecoFesta+11 more
Apr 1, 2026
Feb 13, 2026
7.7 HIGH· v4
8.1 HIGH· v3
N/A· v2
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able...Show more
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.Show less
CVE-2025-9292
1Tp Link
14Aginet
DecoFesta+11 more
Apr 1, 2026
Feb 13, 2026
2.0 LOW· v4
7.5 HIGH· v3
N/A· v2
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injectio...Show more
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.Show less