15 matches found
EUVD-2018-2243
Malware in sbrugna...
EUVD-2018-2244
Malware in sbrugna...
EUVD-2018-2245
Malware in sbrugna...
CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
TP-Link EAP Controller for Linux Authentication Bypass Vulnerability
TP-Link EAP Controller for Linux is a set of software for remote control of wireless AP access point devices based on Linux platform from China's TP-LINK. A security vulnerability exists in EAP Controller for Linux, which originates from the RMI interface not requiring authentication before use. ...
Deserialization vulnerability in TP-Link EAP Controller for linux
TP-Link EAP Controller is a software for remote control of wireless AP access point devices from China P&L TP-LINK. A deserialization vulnerability exists in TP-Link EAP Controller for linux. A remote attacker can implement a deserialization attack via the RMI protocol, and a successful attack ca...
TP-Link EAP Controller and Omada Controller Cross-Site Request Forgery Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in the Web management interface in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows, which...
TP-Link EAP Controller and Omada Controller Cross-Site Scripting Vulnerability (CNVD-2018-09302)
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A cross-site scripting vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows. A remote attacker can...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version...
Hardcoded credentials
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fix...
CVE-2018-10167
TP-Link EAP Controller and Omada Controller (Windows) versions 2.5.4_Windows and 2.6.0_Windows are affected by CVE-2018-10167 due to a hard-coded cryptographic key used to encrypt the web app backup file. A low-privilege user can decrypt and modify the backup to escalate privileges, including cre...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...