tp-link eap_controller Security Vulnerabilities

6 Vulnerabilities
Description

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It uses a Java remote method invocation (RMI) service for remote control. In EAP Controller versions 2.5.3 and earlier, the RMI interface does not require any authentication before use, so RMI service commands are accepted without user authentication. Remote attackers can carry out deserialization attacks through the RMI protocol. A successful attack may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.

Impacted versions: *

Base Score: 10.0, Severity: HIGH, ID: CVE-2018-5393, Last Modified: 2019-10-09T23:41:00Z

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

Impacted versions: 2.5.4, 2.6.0

Base Score: 6.5, Severity: MEDIUM, ID: CVE-2018-10168, Last Modified: 2019-10-03T00:03:00Z

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.

Impacted versions: 2.6.0, 2.5.4

Base Score: 6.0, Severity: MEDIUM, ID: CVE-2018-10167, Last Modified: 2018-06-12T18:30:00Z

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. This is fixed in version 2.6.1_Windows.

Impacted versions: 2.5.4, 2.6.0

Base Score: 6.8, Severity: MEDIUM, ID: CVE-2018-10166, Last Modified: 2018-06-12T18:28:00Z

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

Impacted versions: 2.6.0, 2.5.4

Base Score: 3.5, Severity: LOW, ID: CVE-2018-10165, Last Modified: 2018-06-12T18:28:00Z

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

Impacted versions: 2.6.0, 2.5.4

Base Score: 3.5, Severity: LOW, ID: CVE-2018-10164, Last Modified: 2018-06-12T18:28:00Z
