CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5393 – TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
https://notcve.org/view.php?id=CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. • http://www.securityfocus.com/bid/105402 https://www.kb.cert.org/vuls/id/581311 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17014
https://notcve.org/view.php?id=CVE-2018-17014
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el nombre ip_mac_bind. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_10/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17018
https://notcve.org/view.php?id=CVE-2018-17018
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el nombre time_switch. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_14/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17008
https://notcve.org/view.php?id=CVE-2018-17008
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el poder inalámbrico wlan_host_2g. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_04/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17012
https://notcve.org/view.php?id=CVE-2018-17012
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para hosts_info set_block_flag up_limit. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_08/README.md •