TP-LINK Omada Controller Software 3.2.6 eap-web-3.2.6.jar directory traversal

WpisedytowaćHistoryDiffjsonxmlCTI

Podatność została odkryta w TP-LINK Omada Controller Software 3.2.6. Podatnością dotknięta jest nieznana funkcja w pliku /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

Pole2020-05-05 09:192020-05-05 09:24
vendorTP-LINKTP-LINK
nameOmada Controller SoftwareOmada Controller Software
version3.2.63.2.6
file/opt/tplink/EAPController/lib/eap-web-3.2.6.jar/opt/tplink/EAPController/lib/eap-web-3.2.6.jar
risk22
cvss2_vuldb_basescore4.64.6
cvss2_vuldb_tempscore4.64.6
cvss2_vuldb_avLL
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore5.45.4
cvss3_meta_tempscore5.45.4
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.35.3
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1588550400 (2020-05-04)1588550400 (2020-05-04)
price_0day$0-$5k$0-$5k
cveCVE-2020-12475CVE-2020-12475
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_nvd_basescore5.55.5
cwe022 (directory traversal)
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cve_assigned1588118400
cve_nvd_summaryTP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!