4 matches found
CVE-2018-5393 TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393
The CVE-2018-5393 issue affects TP-LINK EAP Controller (incl. Linux) with RMI-based remote control and no authentication for RMI commands in versions 2.5.3 and earlier. A deserialization attack over Java RMI could allow a remote attacker to take control of the target server and execute Java funct...
CVE-2018-5393
creationtimestamp| type| source ---|---|--- 2018-09-26 17:10:06+00:00| seen| MISP/5babbc5a-a658-4b4b-8b94-2c060a021402...
TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...