CVE-2018-5393
Last modified
CVE-2018-5393 is a vulnerability of currently unknown severity. The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. EPSS estimates a 12.86% chance of exploitation in the next 30 days.
Description
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Eap Controller | <= 2.5.3 |
References
- http://www.securityfocus.com/bid/105402Third Party Advisory, VDB Entry
- https://www.kb.cert.org/vuls/id/581311Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/105402Third Party Advisory, VDB Entry
- https://www.kb.cert.org/vuls/id/581311Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5393?
How severe is CVE-2018-5393?
How do I fix CVE-2018-5393?
Are you affected by CVE-2018-5393?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST