CVE-2020-12475 in Omada Controller Software
Summary
by MITRE
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.
Analysis
by VulDB Data Team • 05/05/2020
The vulnerability identified as CVE-2020-12475 affects TP-Link Omada Controller Software version 3.2.6, representing a critical directory traversal flaw that enables unauthorized file access. This vulnerability resides within the web application component of the controller software, specifically in the PortalController class where the getAdvertiseFile method processes file requests. The flaw allows remote attackers to access arbitrary files on the server by manipulating input parameters that are not properly validated or sanitized.
The vulnerability stems from insufficient input validation in the com.tp_link.eap.web.portal.PortalController.getAdvertiseFile endpoint. When processing file requests, the application fails to properly sanitize the user-supplied input that determines which file to retrieve, allowing attackers to craft malicious requests containing directory traversal sequences such as ../ or ..\. The vulnerable code is located in the /opt/tplink/EAPController/lib/eap-web-3.2.6.jar archive, and the endpoint is accessible to any remote user who can reach the web interface without authentication.
The operational impact of this vulnerability is severe as it provides attackers with the ability to read sensitive files from the server filesystem, potentially including configuration files, database credentials, application source code, and other confidential information. This could lead to complete system compromise, data exfiltration, and unauthorized access to the entire network infrastructure managed by the Omada Controller. The vulnerability affects organizations using TP-Link Omada access point management systems, which are commonly deployed in enterprise environments where network security is paramount.
Security professionals should note that this vulnerability aligns with CWE-22 Directory Traversal and maps to ATT&CK technique T1083 File and Directory Discovery, indicating reconnaissance activities that precede more sophisticated attacks. Organizations should implement immediate mitigations including applying the vendor-provided security patches, restricting network access to the controller software, and implementing proper input validation controls. The vulnerability demonstrates the critical importance of proper parameter validation in web applications and highlights the need for defense-in-depth strategies that include network segmentation and access control measures to limit exposure to such flaws.
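The input validation control mentioned above, as an added example that is not TP-Link's code and not part of the original entry: a hypothetical Java file-serving helper showing the weak pattern CWE-22 describes beside a hardened resolver. The class and method names, the temporary directory and the sample file names are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical illustration; not decompiled from eap-web-3.2.6.jar.
public class AdvertiseFileResolver {
    // Weak pattern (CWE-22): the request value is joined to the base directory as-is,
    // so "../" or "..\" segments can move the result outside it.
    static Path resolveNaive(Path baseDir, String requested) {
        return baseDir.resolve(requested);
    }
    // Hardened pattern: reject separators outright, normalize, then require that the
    // real (symlink-resolved) path is a regular file inside the real base directory.
    static Path resolveSafe(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty()
                || requested.indexOf('/') >= 0 || requested.indexOf('\\') >= 0
                || requested.indexOf('\0') >= 0) {
            throw new SecurityException("rejected file name");
        }
        Path base = baseDir.toRealPath();
        Path candidate = base.resolve(requested).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory");
        }
        Path real = candidate.toRealPath(); // throws NoSuchFileException if absent
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary directory stands in for the portal file store.
        Path base = Files.createTempDirectory("portal-files");
        Files.write(base.resolve("banner.png"), new byte[] {1, 2, 3});
        String[] inputs = {"banner.png", "../outside.txt", "..\\outside.txt", ".."};
        for (String in : inputs) {
            Path naive = resolveNaive(base, in).normalize();
            String verdict;
            try {
                verdict = "served " + resolveSafe(base, in).getFileName();
            } catch (SecurityException | IOException e) {
                verdict = "blocked (" + e.getMessage() + ")";
            }
            System.out.printf("%-18s naive stays in base: %-5b safe: %s%n",
                    in, naive.startsWith(base), verdict);
        }
    }
}
```

Whether the naive join treats `..\` as a traversal depends on the platform's path separator, which is why the hardened resolver rejects both separators before resolving anything.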