CVE-2021-44032
N/A
N/A
Summary
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.tp-link.com/us/security
- https://www.tp-link.com/us/omada-sdn/
- https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_CVE-2021-44032_Kevin.md
References
- https://www.tp-link.com/us/security
- https://www.tp-link.com/us/omada-sdn/
- https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_CVE-2021-44032_Kevin.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.