Lucene search
K

4 matches found

0day.today
0day.today
added 2018/05/04 12:0 a.m.97 views

TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities. TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...

0.3AI score0.01572EPSS
Exploits7
NVD
NVD
added 2018/05/03 6:29 p.m.18 views

CVE-2018-10166

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fix...

8.8CVSS8.5AI score0.00744EPSS
Exploits3References2
CVE
CVE
added 2018/05/03 6:0 p.m.53 views

CVE-2018-10166

The CVE-2018-10166 issue affects TP-Link EAP Controller and Omada Controller (versions 2.5.4_Windows / 2.6.0_Windows). The web management interface lacks Anti-CSRF tokens in forms, enabling authenticated actions from a user visiting a controlled domain. Core Security details confirm PoCs: ability...

8.8CVSS8.4AI score0.00744EPSS
Exploits3References2Affected Software1
Core Security
Core Security
added 2018/05/03 12:0 a.m.1782 views

TP-Link EAP Controller Multiple Vulnerabilities

1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:http://www.coresecurity.com/core-labs/advisories/tp-link-eap-controller-multiple-vulnerabilities Date published: 2018-05-03 Date of last update: 2018-05-03 Vendors contacted:...

8.8CVSS8.1AI score0.01572EPSS
Exploits7
Rows per page
Query Builder