4 matches found
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities. TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fix...
CVE-2018-10166
The CVE-2018-10166 issue affects TP-Link EAP Controller and Omada Controller (versions 2.5.4_Windows / 2.6.0_Windows). The web management interface lacks Anti-CSRF tokens in forms, enabling authenticated actions from a user visiting a controlled domain. Core Security details confirm PoCs: ability...
TP-Link EAP Controller Multiple Vulnerabilities
1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:http://www.coresecurity.com/core-labs/advisories/tp-link-eap-controller-multiple-vulnerabilities Date published: 2018-05-03 Date of last update: 2018-05-03 Vendors contacted:...