CVE-2018-10168

{"id": "CVE-2018-10168", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-03T18:29:00.483", "references": [{"url": "http://www.securityfocus.com/bid/104094", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows."}, {"lang": "es", "value": "TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows no controlan los privilegios para el uso de la API web, lo que permite que un usuario con pocos privilegios realice cualquier petici\u00f3n como Administrador. Esto se ha solucionado en la versi\u00f3n 2.6.1_Windows."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tp-link:eap_controller:2.5.4:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B122DC18-221C-4B02-9A62-0E0CCB17DC10"}, {"criteria": "cpe:2.3:a:tp-link:eap_controller:2.6.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C1615604-D1D3-48C1-AE3F-7E82156972A8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}