从截图中可以获取以下关于漏洞的关键信息: Vulnerabilities CVE-2025-9289 - Description: Cross-Site Scripting (XSS) vulnerability in Omada Controllers due to improper input sanitization. - Risk: Advanced conditions required for exploitation, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. - Impact: Arbitrary JavaScript execution in the administrator's browser, potentially exposing sensitive information and compromising confidentiality. - Severity: CVSS v4.0 Score 5.7 / Medium - Affected Products: Software (Win/Linux), Cloud, OC Series (OC200/OC220/OC300/OC400) CVE-2025-9290 - Description: Authentication weakness during controller-device adoption due to improper handling of random values. - Risk: Advanced network positioning allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation. - Impact: Exposure of sensitive information and compromising confidentiality. - Severity: CVSS v4.0 Score 6 / Medium - Affected Products: Controllers, Gateways, and Access Points (ER/DR Series, EAP Series) Affected Products Summary Controllers - Software (Win/Linux) - Cloud Controller - Hardware Controllers (OC200, OC220, OC300, OC400) Gateways - ER/DR Series (ER605, ER7206, ER7406, etc.) Access Points - EAP Series (EAP655-Wall, EAP660 HD, EAP620 HD, etc.) Recommendations 1. Firmware Update: Download and update to the latest firmware version. Links: - Download for US - Download for EN 2. Password Change: Change the password after firmware upgrade to mitigate the risk of password leakage. Disclaimer Failure to follow recommendations may leave the vulnerability unaddressed, with potential risks remaining.