Vulnerabilities > TP Link > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-30 CVE-2018-11481 Improper Input Validation vulnerability in Tp-Link products
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
network
low complexity
tp-link CWE-20
8.8
2018-05-03 CVE-2018-10168 Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator.
network
low complexity
tp-link CWE-269
8.8
2018-05-03 CVE-2018-10167 Use of Hard-coded Credentials vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it.
network
high complexity
tp-link CWE-798
7.5
2018-05-03 CVE-2018-10166 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms.
network
low complexity
tp-link CWE-352
8.8
2018-01-11 CVE-2017-15637 Unspecified vulnerability in Tp-Link products
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.
network
low complexity
tp-link
7.2
2018-01-11 CVE-2017-15636 Unspecified vulnerability in Tp-Link products
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
network
low complexity
tp-link
7.2
2018-01-11 CVE-2017-15635 Unspecified vulnerability in Tp-Link products
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
network
low complexity
tp-link
7.2
2018-01-11 CVE-2017-15634 Unspecified vulnerability in Tp-Link products
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
network
low complexity
tp-link
7.2
2018-01-11 CVE-2017-15633 Unspecified vulnerability in Tp-Link products
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
network
low complexity
tp-link
7.2
2018-01-11 CVE-2017-15632 Unspecified vulnerability in Tp-Link products
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
network
low complexity
tp-link
7.2