CVE-2026-1668 HIGH

CVE-2026-1668: Input Validation Vulnerability on Multiple Omada Switches

Vendor Tp-Link Systems Inc.

Product SG2008P 3.2x

Weakness CWE-20 · Input validation

Published March 13, 2026

Last update March 13, 2026

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Key dates

02Disclosure timeline

March 13, 2026 CVE published

March 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-1668 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2026-1668

CWE CWE-20

CVSS 7.7 / HIGH

Affected versions

Vendor Tp-Link Systems Inc.

Product SG2008P 3.2x

Affected < 3.20.17 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2008P 3.3x

Affected < 3.30.1 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SX3016F 1.3x

Affected < 1.30.1 Build 20260129 Rel.8831

Vendor Tp-Link Systems Inc.

Product SX3016F 1.2x

Affected < 1.20.16 Build 20260121 Rel.57953

Vendor Tp-Link Systems Inc.

Product SG3428 2.4x

Affected < 2.40.1 Build 20260127 Rel.39545

Vendor Tp-Link Systems Inc.

Product SG3428XMP 3.3x

Affected < 3.30.1 Build 20260127 Rel.39545

Vendor Tp-Link Systems Inc.

Product SG3428X 1.4x

Affected < 1.40.1 Build 20260127 Rel.39545

Vendor Tp-Link Systems Inc.

Product SG3428XF 1.3x

Affected < 1.30.1 Build 20260127 Rel.39545

Vendor Tp-Link Systems Inc.

Product SG3452P 3.4x

Affected < 3.40.1 Build 20260128 Rel.7041

Vendor Tp-Link Systems Inc.

Product SG3428MP 6.3x

Affected < 6.30.1 Build 20260127 Rel.39545

Vendor Tp-Link Systems Inc.

Product SG2218P 2.2x

Affected < 2.20.2 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SG2016P 1.3x

Affected < 1.30.1 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SG3452XP 2.3x

Affected < 2.30.1 Build 20260128 Rel.8721

Vendor Tp-Link Systems Inc.

Product SG3428XMPP 1.2x

Affected < 1.20.1 Build 20260127 Rel.39545

Vendor Tp-Link Systems Inc.

Product SG3452X 1.3x

Affected < 1.30.1 Build 20260128 Rel.8721

Vendor Tp-Link Systems Inc.

Product SG2008 4.3x

Affected < 4.30.1 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SG3210 3.3x

Affected < 3.30.1 Build 20260206 Rel.33103

Vendor Tp-Link Systems Inc.

Product SG2210MP 5.2x

Affected < 5.20.1 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SG2210P 5.3x

Affected < 5.30.1 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SG2218 1.3x

Affected < 1.30.1 Build 20260127 Rel.32017

Vendor Tp-Link Systems Inc.

Product SG3452 1.3x

Affected < 1.30.1 Build 20260128 Rel.7041

Vendor Tp-Link Systems Inc.

Product SG3210X-M2 1.2x

Affected < 1.20.1 Build 20260129 Rel.13605

Vendor Tp-Link Systems Inc.

Product SG2210XMP-M2 1.x

Affected < 1.0.19 Build 20260121 Rel.53314

Vendor Tp-Link Systems Inc.

Product SG2008 4.2x

Affected < 4.20.17 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2218P 1.2x

Affected < 1.20.17 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG3210 3.2x

Affected < 3.20.17 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG3428X-M2 1.2x

Affected < 1.20.18 Build 20260121 Rel.54271

Vendor Tp-Link Systems Inc.

Product SX3832MPP 1.x

Affected < 1.0.11 Build 20260121 Rel.56907

Vendor Tp-Link Systems Inc.

Product SG2218 1.2x

Affected < 1.20.17 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SX3832 1.x

Affected < 1.0.12 Build 20260121 Rel.56907

Vendor Tp-Link Systems Inc.

Product SG2428LP 1.x

Affected < 1.0.15 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SL2428P 6.2x

Affected < 6.20.18 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG3218XP-M2 1.x

Affected < 1.0.19 Build 20260121 Rel.53314

Vendor Tp-Link Systems Inc.

Product SG3210XHP-M2 3.x

Affected < 3.0.21 Build 20260121 Rel.53314

Vendor Tp-Link Systems Inc.

Product SG2218P 2.x

Affected < 2.0.14 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG3210X-M2 1.x

Affected < 1.0.19 Build 20260121 Rel.53314

Vendor Tp-Link Systems Inc.

Product SG2428P 5.3x

Affected < 5.30.16 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2210MP 4.2x

Affected < 4.20.18 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG3452P 3.3x

Affected < 3.30.17 Build 20260121 Rel.54132

Vendor Tp-Link Systems Inc.

Product SG3452 1.2x

Affected < 1.20.17 Build 20260121 Rel.54132

Vendor Tp-Link Systems Inc.

Product SG2452LP 1.x

Affected < 1.0.13 Build 20260121 Rel.54132

Vendor Tp-Link Systems Inc.

Product SX3032F 1.x

Affected < 1.0.15 Build 20260121 Rel.56907

Vendor Tp-Link Systems Inc.

Product SG3452X 1.2x

Affected < 1.20.18 Build 20260121 Rel.55833

Vendor Tp-Link Systems Inc.

Product SG3452XMPP 1.x

Affected < 1.0.15 Build 20260121 Rel.55833

Vendor Tp-Link Systems Inc.

Product SG3428XPP-M2 1.2x

Affected < 1.20.19 Build 20260121 Rel.54271

Vendor Tp-Link Systems Inc.

Product TL-SG3452P 3.0

Affected < 3.0.22 Build 20260121 Rel.54132

Vendor Tp-Link Systems Inc.

Product SG2428P 5.2x

Affected < 5.20.20 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2210MP 5.x

Affected < 5.0.15 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2005P-PD 1.x

Affected < 1.0.19 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2016P 1.2x

Affected < 1.20.17 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG3452XP 2.2x

Affected < 2.20.20 Build 20260121 Rel.55833

Vendor Tp-Link Systems Inc.

Product SG3428XMP 3.2x

Affected < 3.20.21 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product SG3428X 1.3x

Affected < 1.30.17 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product SG3428XF 1.2x

Affected < 1.20.16 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product SG3428MP 6.2x

Affected < 6.20.20 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product TL-SG3428MP 5.x

Affected < 5.0.25 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product SG3428 2.3x

Affected < 2.30.16 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product SG3428XMPP 1.x

Affected < 1.0.16 Build 20260113 Rel.67732

Vendor Tp-Link Systems Inc.

Product TL-SG2428P 4.x

Affected < 4.0.26 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SG2210P 5.2x

Affected < 5.20.18 Build 20260121 Rel.53429

Vendor Tp-Link Systems Inc.

Product SX3008F 1.2x

Affected All versions

Vendor Tp-Link Systems Inc.

Product SX3206HPP 1.20

Affected All versions

CVE-2026-1668: Input Validation Vulnerability on Multiple Omada Switches

01Description

02Disclosure timeline

03References

04Related CVE