31 matches found
EUVD-2018-2243
Malware in sbrugna...
EUVD-2018-2244
Malware in sbrugna...
EUVD-2018-2245
Malware in sbrugna...
EUVD-2018-2242
Malware in sbrugna...
CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393 TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
CVE-2018-5393
The CVE-2018-5393 issue affects TP-LINK EAP Controller (incl. Linux) with RMI-based remote control and no authentication for RMI commands in versions 2.5.3 and earlier. A deserialization attack over Java RMI could allow a remote attacker to take control of the target server and execute Java funct...
TP-Link EAP Controller for Linux Authentication Bypass Vulnerability
TP-Link EAP Controller for Linux is a set of software for remote control of wireless AP access point devices based on Linux platform from China's TP-LINK. A security vulnerability exists in EAP Controller for Linux, which originates from the RMI interface not requiring authentication before use. ...
TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...
Deserialization vulnerability in TP-Link EAP Controller for linux
TP-Link EAP Controller is a software for remote control of wireless AP access point devices from China P&L TP-LINK. A deserialization vulnerability exists in TP-Link EAP Controller for linux. A remote attacker can implement a deserialization attack via the RMI protocol, and a successful attack ca...
TP-Link EAP Controller and Omada Controller Elevation of Privilege Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows, which originates from the program's...
TP-Link EAP Controller and Omada Controller Cross-Site Request Forgery Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in the Web management interface in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows, which...
TP-Link EAP Controller and Omada Controller Cross-Site Scripting Vulnerability (CNVD-2018-09302)
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A cross-site scripting vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows. A remote attacker can...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities. TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version...
Hardcoded credentials
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
CVE-2018-10165
Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version...