Vulnerabilities for 'Eap controller'

2018-09-28
 
CVE-2018-5393

CWE-306
 

 
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It uses a Java remote method invocation (RMI) service for remote control. In EAP Controller versions 2.5.3 and earlier, the RMI interface does not require any authentication before use, so RMI service commands lack user authentication. Remote attackers can carry out deserialization attacks through the RMI protocol. A successful attack may allow a remote attacker to control the target server and execute Java functions or bytecode.

 
2018-05-03
 
CVE-2018-10168

CWE-264
 

 
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

 
 
CVE-2018-10167

CWE-798
 

 
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.

 
 
CVE-2018-10166

CWE-352
 

 
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. This is fixed in version 2.6.1_Windows.

 
 
CVE-2018-10165

CWE-79
 

 
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

 
 
CVE-2018-10164

CWE-79
 

 
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

 



Copyright 2019, cxsecurity.com

 
