TP-Link EAP Controller and Omada Controller Multiple Security Vulnerabilities

TP-Link EAP Controller and Omada Controller are prone to the following security vulnerabilities:

1. A privilege-escalation vulnerability
2. A hard-coded cryptographic key vulnerability
3. A cross-site request-forgery vulnerability
4. Multiple HTML-injection vulnerabilities

An attacker may leverage these issues to gain elevated privileges, perform unauthorized actions and gain access to the affected application, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

The following products and versions are vulnerable:

TP-Link EAP Controller 2.5.4 and 2.6.0
TP-Link Omada Controller 2.5.4 and 2.6.0


 

Copyright 2010, SecurityFocus