CVE-2018-5393 – TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
https://notcve.org/view.php?id=CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It uses a Java remote method invocation (RMI) service for remote control. In EAP Controller versions 2.5.3 and earlier, the RMI interface does not require any authentication before use, so RMI service commands lack user authentication. Remote attackers can carry out deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. • http://www.securityfocus.com/bid/105402 • https://www.kb.cert.org/vuls/id/581311 • CWE-306: Missing Authentication for Critical Function
CVE-2018-10164 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10164
Stored cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of the portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. TP-Link EAP suffers from hard-coded credential, cross-site request forgery, cross-site scripting, and other vulnerabilities. • http://www.securityfocus.com/bid/104094 • https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10165 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10165
Stored cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. TP-Link EAP suffers from hard-coded credential, cross-site request forgery, cross-site scripting, and other vulnerabilities. • http://www.securityfocus.com/bid/104094 • https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10168 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10168
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. TP-Link EAP suffers from hard-coded credential, cross-site request forgery, cross-site scripting, and other vulnerabilities. • http://www.securityfocus.com/bid/104094 • https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities • CWE-269: Improper Privilege Management
CVE-2018-10167 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. • http://www.securityfocus.com/bid/104094 • https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities • CWE-798: Use of Hard-coded Credentials