Privilege Escalation Vulnerability in TP-Link EAP and Omada Controllers

CVE-2018-10168 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

Learn more about our Web App Pen Testing.