QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-5393

Back to search

CVE-2018-5393

Published: Sep 28, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.

VendorProductVersions

TP-LINK

EAP Controller

affected
2.5.3 - <= 2.5.3

Weaknesses (CWE)

CWE-306

References

VU#581311
third-party-advisory
x_refsource_CERT-VN
105402
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now