CVE-2018-10166

🗓️ 03 May 2018 18:00:29Reported by [email protected]Type

The TP-Link EAP and Omada Controllers versions 2.5.4/2.6.0 for Windows lack Anti-CSRF tokens, allowing attackers to make authenticated requests

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2018-10166	3 May 201818:00	–	cvelist
CVE	CVE-2018-10166	3 May 201818:29	–	cve
Prion	Cross site request forgery (csrf)	3 May 201818:29	–	prion
0day.today	TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities	4 May 201800:00	–	zdt
Packet Storm	TP-Link EAP Controller CSRF / Hard-Coded Key / XSS	4 May 201800:00	–	packetstorm
Core Security	TP-Link EAP Controller Multiple Vulnerabilities	3 May 201800:00	–	coresecurity

Nvd

Node

tp-link eap_controllerMatch2.5.4windows

tp-link eap_controllerMatch2.6.0windows

Source	Link
securityfocus	www.securityfocus.com/bid/104094
coresecurity	www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 May 2018 18:29Current

8.5High risk

Vulners AI Score8.5

CVSS26.8

CVSS38.8

EPSS0.0053

CWE-352