Skip to main content

Eap Controller

6 CVEs product

Monthly

CVE-2018-5393 CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization TP-Link Eap Controller
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2018-10168 HIGH POC This Week

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-10167 HIGH POC This Week

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Eap Controller
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10166 HIGH POC This Week

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10165 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10164 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
CVSS 3.0
5.4
EPSS
0.6%
EPSS 13% CVSS 9.8
CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Eap Controller
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Eap Controller
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Eap Controller
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy