Statement on Spring Framework RCE Vulnerability(For Omada Software Controller)

Security Advisory
Updated 07-23-2024 07:10:34 AM FAQ view icon48982
This Article Applies to: 

TP-Link is aware of the RCE vulnerability CVE-2022-22965 in the Spring Framework. According to the official information, the prerequisites for this vulnerability are as follows.

  • Spring Framework: 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, older, unsupported versions are also affected
  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as WAR
  • spring-webmvc or spring-webflux dependency

At TP-Link, customer security comes first. TP-Link is closely monitoring and investigating the vulnerability and will keep updating this advisory as more information becomes available.

Potentially Affected TP-Link Products:

Omada Software Controller uses the Spring Framework and supports Java 8 (OpenJDK-8) and above since version 5.0. However, its use of the Spring Framework does not meet the above prerequisites and our attack simulation/vulnerability scan results in a Failure.

Nevertheless, given that the nature of the vulnerability is more general, we recommend that you downgrade to Java 8 (OpenJDK-8) to run the controller. For more detailed guides, please refer to our community.

Both Omada Hardware Controller (OC200 v1/v2, OC300) and Omada Cloud-Based Controller use OpenJDK-8 and are therefore not affected by this vulnerability. TP-Link will update the built-in Spring Framework to fix the vulnerability in subsequent updates.

Unaffected TP-Link products:

All Wi-Fi Router

All Mesh Wi-Fi(Deco)

All Range Extender

All Powerline adapter

All Mobile Wi-Fi products

All SMB Routers, Switch, Omada EAP, and Pharos CPE

All VIGI products

APP: Tether, Deco, Tapo, Kasa, tpMiFi, Omada

Disclaimer

The vulnerability will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

icon

Accessibility Adjustments

icon RESET

Choose the right accessibility profile for you

OFF

Seizure Safe

Eliminates flashes and reduces color

OFF

Cognitive Disability

Assists with reading and focusing

OFF

Vision Impaired

Enhances the website's visuals

OFF

ADHD Friendly

More focus and fewer distractions

Content Adjustments

Adjust Scale

icon
100%
icon

Highlight Title

icon

Highlight Link

icon

Text Magnifier

icon

Readable Font

icon

Align Center

icon

Align Left

icon

Align Right

icon

Color Adjustment

Low Saturate

icon

High Saturate

icon

Dark Contrast

icon

Light Contrast

icon

Set Text Colors

Monochrome

icon

Set Title Colors

High Contrast

icon

Set BackgroundColor

Orientation Adjustments

Muted

icon

Hide Images

icon

Stop Animation

icon

Reading Mask

icon

Highlight Hover

icon

Big Black Cursor

mutedicon

Big White Cursor

icon

Hide Video/Audio

icon

Stop Video

icon

Stop Audio

icon

Hide Animation

icon

Reading Guide

icon

Useful Links

Chat Now