31 matches found
EUVD-2018-2244
Malware in sbrugna...
EUVD-2018-2243
Malware in sbrugna...
EUVD-2018-2242
Malware in sbrugna...
EUVD-2018-2245
Malware in sbrugna...
CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393 TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393
The CVE-2018-5393 issue affects TP-LINK EAP Controller (incl. Linux) with RMI-based remote control and no authentication for RMI commands in versions 2.5.3 and earlier. A deserialization attack over Java RMI could allow a remote attacker to take control of the target server and execute Java funct...
TP-Link EAP Controller for Linux Authentication Bypass Vulnerability
TP-Link EAP Controller for Linux is a set of software for remote control of wireless AP access point devices based on Linux platform from China's TP-LINK. A security vulnerability exists in EAP Controller for Linux, which originates from the RMI interface not requiring authentication before use. ...
TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...
Deserialization vulnerability in TP-Link EAP Controller for linux
TP-Link EAP Controller is a software for remote control of wireless AP access point devices from China P&L TP-LINK. A deserialization vulnerability exists in TP-Link EAP Controller for linux. A remote attacker can implement a deserialization attack via the RMI protocol, and a successful attack ca...
TP-Link EAP Controller and Omada Controller Elevation of Privilege Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows, which originates from the program's...
TP-Link EAP Controller and Omada Controller Cross-Site Request Forgery Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in the Web management interface in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows, which...
TP-Link EAP Controller and Omada Controller Cross-Site Scripting Vulnerability (CNVD-2018-09302)
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A cross-site scripting vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows. A remote attacker can...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities. TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
Hardcoded credentials
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fix...
CVE-2018-10165
Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version...