PT-2022-1817 · TP-Link · TP-Link Omada SDN Software Controller

Published: 2022-03-07 · Updated: 2022-07-12 · CVE-2021-44032

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

TP-Link Omada SDN Software Controller versions prior to 5.0.15

Description

The issue is related to errors in processing authentication requests in the TP-Link Omada SDN software controller. This can allow a remote attacker to gain access to a protected network by bypassing the captive portal authentication process. For instance, an attacker can exploit this by setting window.authType=0 in client-side JavaScript, effectively using a downgraded "no authentication" method.

Recommendations

For versions prior to 5.0.15, update to version 5.0.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication method to prevent bypassing the captive portal authentication process.
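
The class of flaw described above, a portal that lets the client choose its own authentication method, is shown next to a server-enforced check. This is an added illustration, not code from the Omada controller or from this advisory; every function name, the site table, the password value and the numeric code for the password method are assumptions (only authType 0 as "no authentication" comes from the description).

```javascript
// Added illustration; hypothetical names throughout, not Omada controller code.
const AUTH_NONE = 0;      // "no authentication", as named in the description
const AUTH_PASSWORD = 1;  // assumed code for a simple-password portal

// Constructed server-side portal configuration, keyed by site.
const portalConfig = {
  "site-a": { authType: AUTH_PASSWORD, password: "constructed-secret" },
  "site-b": { authType: AUTH_NONE },
};

// String comparison without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

function checkPassword(cfg, req) {
  return constantTimeEqual(cfg.password, req.password)
    ? { allowed: true, reason: "password-ok" }
    : { allowed: false, reason: "bad-password" };
}

// Flawed pattern: the method is read from the request, so a client that
// submits authType 0 never reaches the credential check.
function authorizeTrustingClient(req) {
  const cfg = portalConfig[req.site];
  if (!cfg) return { allowed: false, reason: "unknown-site" };
  if (req.authType === AUTH_NONE) return { allowed: true, reason: "no-auth" };
  return checkPassword(cfg, req);
}

// Hardened pattern: the method comes only from server-side configuration.
// A client claim that disagrees is rejected and is worth logging as a
// possible downgrade attempt.
function authorizeServerEnforced(req) {
  const cfg = portalConfig[req.site];
  if (!cfg) return { allowed: false, reason: "unknown-site" };
  if (req.authType !== undefined && req.authType !== cfg.authType) {
    return { allowed: false, reason: "auth-type-mismatch" };
  }
  if (cfg.authType === AUTH_NONE) return { allowed: true, reason: "no-auth" };
  return checkPassword(cfg, req);
}
```

The "auth-type-mismatch" result doubles as a detection signal: a request whose claimed method differs from the configured one should not occur with an unmodified portal page.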

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2022-01247
CVE-2021-44032

Affected Products

TP-Link Omada SDN Software Controller