TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities. TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...

CVE-2018-10164

Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version...

CVE-2018-10164

Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version...

CVE-2018-10164

Summary: CVE-2018-10164 is a stored XSS vulnerability in TP-Link EAP Controller and Omada Controller. Affected versions are 2.5.4_Windows and 2.6.0_Windows. The issue arises via portalPictureUpload, enabling an authenticated attacker to inject arbitrary web script/HTML. TP-Link fixed the flaw in ...

TP-Link EAP Controller Multiple Vulnerabilities

1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:http://www.coresecurity.com/core-labs/advisories/tp-link-eap-controller-multiple-vulnerabilities Date published: 2018-05-03 Date of last update: 2018-05-03 Vendors contacted:...