{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T11:17:27.639","vulnerabilities":[{"cve":{"id":"CVE-2018-10168","sourceIdentifier":"cve@mitre.org","published":"2018-05-03T18:29:00.483","lastModified":"2024-11-21T03:40:56.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows."},{"lang":"es","value":"TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows no controlan los privilegios para el uso de la API web, lo que permite que un usuario con pocos privilegios realice cualquier petición como Administrador. Esto se ha solucionado en la versión 2.6.1_Windows."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:eap_controller:2.5.4:*:*:*:*:windows:*:*","matchCriteriaId":"B122DC18-221C-4B02-9A62-0E0CCB17DC10"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:eap_controller:2.6.0:*:*:*:*:windows:*:*","matchCriteriaId":"C1615604-D1D3-48C1-AE3F-7E82156972A8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104094","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/104094","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}