VYPR

EAP Controller

by TP-Link

CVEs (6)

  • CVE-2018-5393 Cri Sep 28, 2018
    risk 0.65 cvss 9.8 epss 0.13

    The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user…

  • CVE-2018-10168 Hig May 3, 2018
    risk 0.57 cvss 8.8 epss 0.02

    TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

  • CVE-2018-10166 Hig May 3, 2018
    risk 0.57 cvss 8.8 epss 0.01

    The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled…

  • CVE-2018-10167 Hig May 3, 2018
    risk 0.49 cvss 7.5 epss 0.01

    The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify…

  • CVE-2018-10165 Med May 3, 2018
    risk 0.35 cvss 5.4 epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This…

  • CVE-2018-10164 Med May 3, 2018
    risk 0.35 cvss 5.4 epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is…