PT-2018-9728 · Tp Link · Tp-Link Eap Controller+1

Publicado

2018-05-03

Atualizado

2018-06-12

CVE-2018-10166

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TP-Link EAP Controller and Omada Controller versions 2.5.4 Windows through 2.6.0 Windows

Description: The web management interface lacks Anti-CSRF tokens in forms, allowing an attacker to submit authenticated requests when an authenticated user visits a malicious domain.

Recommendations: For versions 2.5.4 Windows through 2.6.0 Windows, update to version 2.6.1 Windows to resolve the issue. As a temporary workaround, consider restricting access to the web management interface to minimize the risk of exploitation.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-10166

Produtos afetados

Omada Controller

Tp-Link Eap Controller

PT-2018-9728 · Tp Link · Tp-Link Eap Controller+1

CVE-2018-10166

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4