TP-Link EAP Controller

By the Year

In 2024 there have been 0 vulnerabilities in TP-Link EAP Controller. EAP Controller did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 6 7.62

It may take a day or so for new EAP Controller vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent TP-Link EAP Controller Security Vulnerabilities

CVE-2018-5393 9.8 - Critical - September 28, 2018

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It uses a Java remote method invocation (RMI) service for remote control. In EAP Controller versions 2.5.3 and earlier, the RMI interface does not require any authentication before use, so RMI service commands are accepted without user authentication. Remote attackers can carry out deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.

Missing Authentication for Critical Function

CVE-2018-10164 5.4 - Medium - May 03, 2018

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

XSS

CVE-2018-10165 5.4 - Medium - May 03, 2018

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

XSS

CVE-2018-10166 8.8 - High - May 03, 2018

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. This is fixed in version 2.6.1_Windows.

Session Riding

CVE-2018-10167 7.5 - High - May 03, 2018

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.

Use of Hard-coded Credentials

CVE-2018-10168 8.8 - High - May 03, 2018

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

Improper Privilege Management
