Vulnerabilities > TP Link > EAP Controller > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-03 | CVE-2018-10168 | Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. | 8.8 |
| 2018-05-03 | CVE-2018-10167 | Use of Hard-coded Credentials vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. | 7.5 |
| 2018-05-03 | CVE-2018-10166 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. | 8.8 |