15 matches found
EUVD-2018-2243
Malware in sbrugna...
EUVD-2018-2244
Malware in sbrugna...
EUVD-2018-2245
Malware in sbrugna...
CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...
TP-Link EAP Controller for Linux Authentication Bypass Vulnerability
TP-Link EAP Controller for Linux is a set of software for remote control of wireless AP access point devices based on Linux platform from China's TP-LINK. A security vulnerability exists in EAP Controller for Linux, which originates from the RMI interface not requiring authentication before use. ...
Deserialization vulnerability in TP-Link EAP Controller for linux
TP-Link EAP Controller is a software for remote control of wireless AP access point devices from China P&L TP-LINK. A deserialization vulnerability exists in TP-Link EAP Controller for linux. A remote attacker can implement a deserialization attack via the RMI protocol, and a successful attack ca...
TP-Link EAP Controller and Omada Controller Cross-Site Request Forgery Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in the Web management interface in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows, which...
TP-Link EAP Controller and Omada Controller Cross-Site Scripting Vulnerability (CNVD-2018-09302)
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A cross-site scripting vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows. A remote attacker can...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
Hardcoded credentials
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version...
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fix...
CVE-2018-10167
TP-Link EAP Controller and Omada Controller (Windows) versions 2.5.4_Windows and 2.6.0_Windows are affected by CVE-2018-10167 due to a hard-coded cryptographic key used to encrypt the web app backup file. A low-privilege user can decrypt and modify the backup to escalate privileges, including cre...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...