CVE-2018-5393
PUBLISHED
CVSS 9.8 CRITICAL
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It uses a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use: EAP Controller versions 2.5.3 and earlier lack user authentication for RMI service commands. Remote attackers can carry out deserialization attacks through the RMI protocol. A successful attack may allow a remote attacker to control the target server and execute Java functions or bytecode.
EPSS 15.08% · 94.7th percentile
Risk Scores
CVSS 3.0
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
15.08%
94.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tp-link | eap_controller | 0 |
| TP-LINK | EAP Controller | 2.5.3 |
Exploit Intelligence
- CIRCL seen: CVE-2018-5393 (circl-sighting)
- VU#581311 (circl)
- 105402 (circl)
Timeline
- Nov 8, 2015 CVE Published
- Sep 26, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 11, 2023 EPSS Score
References
- VU#581311 third-party-advisory
- 105402 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2018-5393 advisory