Lucene search
K
Tp-linkEap Controller

6 matches found

CVE
CVE
added 2018/09/28 5:0 p.m.65 views

CVE-2018-5393

The CVE-2018-5393 issue affects TP-LINK EAP Controller (incl. Linux) with RMI-based remote control and no authentication for RMI commands in versions 2.5.3 and earlier. A deserialization attack over Java RMI could allow a remote attacker to take control of the target server and execute Java funct...

10CVSS9.9AI score0.1286EPSS
CVE
CVE
added 2018/05/03 6:0 p.m.53 views

CVE-2018-10166

The CVE-2018-10166 issue affects TP-Link EAP Controller and Omada Controller (versions 2.5.4_Windows / 2.6.0_Windows). The web management interface lacks Anti-CSRF tokens in forms, enabling authenticated actions from a user visiting a controlled domain. Core Security details confirm PoCs: ability...

8.8CVSS8.4AI score0.00734EPSS
Web
CVE
CVE
added 2018/05/03 6:0 p.m.51 views

CVE-2018-10167

TP-Link EAP Controller and Omada Controller (Windows) versions 2.5.4_Windows and 2.6.0_Windows are affected by CVE-2018-10167 due to a hard-coded cryptographic key used to encrypt the web app backup file. A low-privilege user can decrypt and modify the backup to escalate privileges, including cre...

7.5CVSS7.5AI score0.01191EPSS
Web
CVE
CVE
added 2018/05/03 6:0 p.m.51 views

CVE-2018-10168

CVE-2018-10168 affects TP-Link EAP Controller and Omada Controller (v2.5.4_Windows and v2.6.0_Windows). Root causes include improper privilege management on the Web API (allowing a low-privilege user to perform admin actions), a hard-coded key used to encrypt the backup file enabling decryption/m...

8.8CVSS8.5AI score0.01551EPSS
Web
CVE
CVE
added 2018/05/03 6:0 p.m.50 views

CVE-2018-10164

Summary: CVE-2018-10164 is a stored XSS vulnerability in TP-Link EAP Controller and Omada Controller. Affected versions are 2.5.4_Windows and 2.6.0_Windows. The issue arises via portalPictureUpload, enabling an authenticated attacker to inject arbitrary web script/HTML. TP-Link fixed the flaw in ...

5.4CVSS5.6AI score0.00626EPSS
Web
CVE
CVE
added 2018/05/03 6:0 p.m.47 views

CVE-2018-10165

TP-Link EAP Controller/Omada Controller (Windows) versions 2.5.4_Windows and 2.6.0_Windows are affected by CVE-2018-10165 (stored XSS) via the userName field in local user creation. Related issues include CVE-2018-10166 (CSRF in Web UI), CVE-2018-10167 (backup decryptor with hard-coded key), CVE-...

5.4CVSS5.6AI score0.00607EPSS
Web