// For flags

CVE-2018-10167

TP-Link EAP Controller CSRF / Hard-Coded Key / XSS

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.

El archivo de copia de seguridad de la aplicación web en TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows está cifrado con una clave criptográfica embebida, por lo que cualquiera que conozca dicha clave y el algoritmo puede descifrarlo. Un usuario con pocos privilegios puede descifrar y modificar el archivo de copia de seguridad para elevar sus privilegios. Esto se ha solucionado en la versión 2.6.1_Windows.

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-04-16 CVE Reserved
  • 2018-05-03 CVE Published
  • 2024-02-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-798: Use of Hard-coded Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tp-link
Search vendor "Tp-link"
 Eap Controller
Search vendor "Tp-link" for product "Eap Controller"
 2.5.4
Search vendor "Tp-link" for product "Eap Controller" and version "2.5.4"
windows
Affected
Tp-link
Search vendor "Tp-link"
 Eap Controller
Search vendor "Tp-link" for product "Eap Controller"
 2.6.0
Search vendor "Tp-link" for product "Eap Controller" and version "2.6.0"
windows
Affected