CVE-2018-5393 (GCVE-0-2018-5393)

Vulnerability from cvelistv5 – Published: 2018-09-28 17:00 – Updated: 2024-08-05 05:33

Title

TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication

Summary

Severity ?

No CVSS data available.

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

certcc

References

URL

	Vendor	Product	Version
	TP-LINK	EAP Controller	Affected: 2.5.3 , ≤ 2.5.3 (custom)

GSD-2018-5393

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-5393

Aliases

CVE-2018-5393

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-5393",
    "description": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.",
    "id": "GSD-2018-5393"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-5393"
      ],
      "details": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.",
      "id": "GSD-2018-5393",
      "modified": "2023-12-13T01:22:40.418425Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2018-5393",
        "STATE": "PUBLIC",
        "TITLE": "TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EAP Controller",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c=",
                          "version_name": "2.5.3",
                          "version_value": "2.5.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TP-LINK"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306: Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#581311",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/581311"
          },
          {
            "name": "105402",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105402"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tp-link:eap_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5393"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#581311",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/581311"
            },
            {
              "name": "105402",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105402"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:41Z",
      "publishedDate": "2018-09-28T17:29Z"
    }
  }
}

CNVD-2019-13604

Vulnerability from cnvd - Published: 2019-05-10

Title

TP-Link EAP Controller for Linux认证绕过漏洞

Description

TP-Link EAP Controller for Linux是中国普联（TP-LINK）公司的一套基于Linux平台的用于远程控制无线AP接入点设备的软件。基于Linux平台的EAP Controller中存在安全漏洞，该漏洞源于在使用之前，RMI界面未要求身份验证。远程攻击者可利用该漏洞控制目标服务器，执行Java函数或字节码。

Severity

高

Patch Name

TP-Link EAP Controller for Linux认证绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.tp-link.com/en/download/EAP220.html#Controller_Software

Reference

https://www.tp-link.com/en/download/EAP220.html#Controller_Software

Impacted products

Name
['TP-Link EAP Controller 2.5.3', 'TP-Link EAP Controller 2.4.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5393",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5393"
    }
  },
  "description": "TP-Link EAP Controller for Linux\u662f\u4e2d\u56fd\u666e\u8054\uff08TP-LINK\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5e73\u53f0\u7684\u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u65e0\u7ebfAP\u63a5\u5165\u70b9\u8bbe\u5907\u7684\u8f6f\u4ef6\u3002\n\n\u57fa\u4e8eLinux\u5e73\u53f0\u7684EAP Controller\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4f7f\u7528\u4e4b\u524d\uff0cRMI\u754c\u9762\u672a\u8981\u6c42\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u76ee\u6807\u670d\u52a1\u5668\uff0c\u6267\u884cJava\u51fd\u6570\u6216\u5b57\u8282\u7801\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.tp-link.com/en/download/EAP220.html#Controller_Software",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-13604",
  "openTime": "2019-05-10",
  "patchDescription": "TP-Link EAP Controller for Linux\u662f\u4e2d\u56fd\u666e\u8054\uff08TP-LINK\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5e73\u53f0\u7684\u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u65e0\u7ebfAP\u63a5\u5165\u70b9\u8bbe\u5907\u7684\u8f6f\u4ef6\u3002\r\n\r\n\u57fa\u4e8eLinux\u5e73\u53f0\u7684EAP Controller\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4f7f\u7528\u4e4b\u524d\uff0cRMI\u754c\u9762\u672a\u8981\u6c42\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u76ee\u6807\u670d\u52a1\u5668\uff0c\u6267\u884cJava\u51fd\u6570\u6216\u5b57\u8282\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TP-Link EAP Controller for Linux\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "TP-Link EAP Controller 2.5.3",
      "TP-Link EAP Controller 2.4.8"
    ]
  },
  "referenceLink": "https://www.tp-link.com/en/download/EAP220.html#Controller_Software",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-28",
  "title": "TP-Link EAP Controller for Linux\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2018-5393

Vulnerability from fkie_nvd - Published: 2018-09-28 17:29 - Updated: 2024-11-21 04:08

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/105402	Third Party Advisory, VDB Entry
cret@cert.org	https://www.kb.cert.org/vuls/id/581311	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105402	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/581311	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	tp-link	eap_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tp-link:eap_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "557BEBFA-E03B-4867-B20E-79613C218073",
              "versionEndIncluding": "2.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode."
    },
    {
      "lang": "es",
      "value": "El software TP-LINK de TP-LINK EAP Controller para controlar remotamente los dispositivos de punto de acceso remoto. Emplea un servicio Java RMI (Remote Method Invocation) para el control remoto. La interfaz RMI no requiere autenticaci\u00f3n antes de utilizarlo, por lo que carece de autenticaci\u00f3n de usuario para comandos del servicio RMI en el controlador EAP en versiones 2.5.3 y anteriores. Los atacantes remotos pueden implementar ataques de deserializaci\u00f3n mediante el protocolo RMI. Los ataques exitosos podr\u00edan permitir que un atacante remoto controle remotamente el servidor objetivo y ejecute funciones de Java o c\u00f3digo de bytes."
    }
  ],
  "id": "CVE-2018-5393",
  "lastModified": "2024-11-21T04:08:44.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-28T17:29:00.483",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105402"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/581311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/581311"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RRGH-7G24-H4HG

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-5393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-28T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.",
  "id": "GHSA-rrgh-7g24-h4hg",
  "modified": "2022-05-13T01:32:12Z",
  "published": "2022-05-13T01:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5393"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/581311"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105402"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201809-1154

Vulnerability from variot - Updated: 2024-11-23 21:13

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. TP-LINK EAP Controller Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache Commons Collections (ACC) The library deserialization process is vulnerable. Java Application ACC When using the library directly or within the range accessible by specifying the class path ACC If a library is installed, arbitrary code may be executed. Apache Commons Collections (ACC) Library http://commons.apache.org/proper/commons-collections/ Deserialize untrusted data (CWE-502) 2015 Year 1 Held on the moon AppSec California 2015 In Gabriel Lawrence Mr. and Chris Frohoff He talked about a vulnerability that could deserialize untrusted data and showed that it could execute arbitrary code. Any use of the serialization function that is not appropriate Java Application or Java Libraries are affected by this vulnerability. Deserialize untrusted data (CWE-502) http://cwe.mitre.org/data/definitions/502.html Gabriel Lawrence Mr. and Chris Frohoff Mr. Lecture http://frohoff.github.io/appseccali-marshalling-pickles/ 2015 Year 11 A month Foxglove Security of Stephen Breen Mr. this problem Apache Commons Collections (ACC) Exist in the library, especially for deserializing untrusted data InvokerTransformer It was pointed out that arbitrary code could be executed when using classes. ACC Software that uses the library, WebSphere , Jenkins , WebLogic , OpenNMS Etc. are also affected. Foxglove Security of Stephen Breen Mr (What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.) http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Jenkins https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 WebLogic http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793&sh=&cmid=WWSU12091612MPP001C179 ACC Library version 3.2.1 , 4.0 Both are affected by this vulnerability. version 3.2.1 , 4.0 https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Apache Software Fondation Has posted an official view of the vulnerability on its blog. Here you can find advice on countermeasures and links to related information. In addition, entries related to this vulnerability (COLLECTIONS-580) Is built on a bug management system. Official view https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Entries related to this vulnerability (COLLECTIONS-580) https://issues.apache.org/jira/browse/COLLECTIONS-580 ACC other than, Groovy And Spring The same problem is being investigated for these issues. Lawrence Mr. and Frohoff In his presentation material, Java not only Python And Ruby It is stated that the same problem exists in applications and libraries written in the above. Regardless of the programming language or library used, it is important to fully consider the data serialization capabilities from the software design stage.Apache Commons Collections I'm using a library Java Application or Java Library is optional Java It may be possible to execute code. Also, ACC Even if the library is not used directly, it can be accessed by specifying the class path. ACC If the library exists, any Java It may be possible to execute code. It can extend or add Java collections framework. TP-LINK EAP Controller is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. EAP Controller version 2.5.3 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products

Advisory ID: cisco-sa-20151209-java-deserialization

Revision 1.0

For Public Release: 2015 December 9 16:00 GMT +---------------------------------------------------------------------

Summary

A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code.

The vulnerability is due to insecure deserialization of user-supplied content by the affected software. The report contains detailed proof-of-concept code for a number of applications, including WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic. A wide range of potential impacts includes allowing the attacker to obtain sensitive information.

Object serialization is a technique that many programming languages use to convert an object into a sequence of bits for transfer purposes. Deserialization is a technique that reassembles those bits back to an object.

Many applications accept serialized objects from the network without performing input validation checks before deserializing it.

Additional details about the vulnerability are available at the following links:

Official Vulnerability Note from CERT: http://www.kb.cert.org/vuls/id/576313

Foxglove Security: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

Apache Commons Statement: https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread

Oracle Security Alert: https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852

Cisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWaE9BAAoJEIpI1I6i1Mx31a0QALya6VDmcGiyx3AlCzsKGISc 3NJP4PPjVFGjHQmB/+bXn1zXLZ63JgbOZuG9pLxhmJpPMxQI8jeXEHqzVmrA9cOj u/QRGkITxQaRS50cwFJXPDOVWWCTcHLhuk83Ofih8vhC8UPBy1FGMBl5rpVLDkG9 ue8yX5ACEQ078F78dpcnJmbv1Hxu021wI+nM3pn7C/aOrJ1wSNop8KkFZ+VHzbKY aeuMFqhal+ePx+JoIC4JMrTll/BLxjI17tKrzXas6D4zKNGSO0WxnEFjDWuPlc89 2y3DnaVc0eeAVPy3ODN6wJzuro4w69z1GrvXPkBfVe9WNKD1lMGRUPMRwnb/zjxu DT8Ms4LDaVCLDZ01ox3BpuZIDBP1q2Xk6ToObeHUNMSDM9IuMeVOz9BtxJxO8Yp/ YfVaoqkM6Vrf5oXKUvWow0r19+ODp18JUnc8qT7Cj0b9PwtlOUqpsNE+cAzPyZh7 UBYLPm2AZypOgw4ryUf66p3l+NGLvLdA+A1u0m+YfXSrsuEFCosUeppmZMvgzEME 7TDSbOlt6yj9W/U3ioYbhLWk1D2whTyDybXz4MLaPTPxfxozyePOcthU7R/PVGrU M0Do8nugnDXE0rYVRooF3+A/6ahoKUb9QR00O4xN4A94lfXqgc6t+180S4vavgxS g9ZP7zYVhaDCRufDoNVI =nsL1 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-1154",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "eap controller",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "tp link",
        "version": "2.5.3"
      },
      {
        "model": "eap controller",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "tp link",
        "version": "2.5.3"
      },
      {
        "model": "eap controller",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "tp link",
        "version": "2.4.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "infoframe relational store",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "systemdirector enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "jenkins",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "jenkins ci",
        "version": "0"
      },
      {
        "model": "commons collections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "3.2.1"
      },
      {
        "model": "commons collections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.0"
      },
      {
        "model": "commons collections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "BID",
        "id": "105402"
      },
      {
        "db": "BID",
        "id": "77521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:tp-link:eap_controller",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "foxglovesecurity",
    "sources": [
      {
        "db": "BID",
        "id": "77521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-5393",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-5393",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-005930",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-13604",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-135424",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-5393",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-5393",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-5393",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2015-005930",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-13604",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-1168",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-135424",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-5393",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. TP-LINK EAP Controller Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache Commons Collections (ACC) The library deserialization process is vulnerable. Java Application ACC When using the library directly or within the range accessible by specifying the class path ACC If a library is installed, arbitrary code may be executed. Apache Commons Collections (ACC) Library http://commons.apache.org/proper/commons-collections/ Deserialize untrusted data (CWE-502) 2015 Year 1 Held on the moon AppSec California 2015 In Gabriel Lawrence Mr. and Chris Frohoff He talked about a vulnerability that could deserialize untrusted data and showed that it could execute arbitrary code. Any use of the serialization function that is not appropriate Java Application or Java Libraries are affected by this vulnerability. Deserialize untrusted data (CWE-502) http://cwe.mitre.org/data/definitions/502.html Gabriel Lawrence Mr. and Chris Frohoff Mr. Lecture http://frohoff.github.io/appseccali-marshalling-pickles/ 2015 Year 11 A month Foxglove Security of Stephen Breen Mr. this problem Apache Commons Collections (ACC) Exist in the library, especially for deserializing untrusted data InvokerTransformer It was pointed out that arbitrary code could be executed when using classes. ACC Software that uses the library, WebSphere , Jenkins , WebLogic , OpenNMS Etc. are also affected. Foxglove Security of Stephen Breen Mr (What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.) http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Jenkins https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 WebLogic http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793\u0026sh=\u0026cmid=WWSU12091612MPP001C179 ACC Library version 3.2.1 , 4.0 Both are affected by this vulnerability. version 3.2.1 , 4.0 https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Apache Software Fondation Has posted an official view of the vulnerability on its blog. Here you can find advice on countermeasures and links to related information. In addition, entries related to this vulnerability (COLLECTIONS-580) Is built on a bug management system. Official view https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Entries related to this vulnerability (COLLECTIONS-580) https://issues.apache.org/jira/browse/COLLECTIONS-580 ACC other than, Groovy And Spring The same problem is being investigated for these issues. Lawrence Mr. and Frohoff In his presentation material, Java not only Python And Ruby It is stated that the same problem exists in applications and libraries written in the above. Regardless of the programming language or library used, it is important to fully consider the data serialization capabilities from the software design stage.Apache Commons Collections I\u0027m using a library Java Application or Java Library is optional Java It may be possible to execute code. Also, ACC Even if the library is not used directly, it can be accessed by specifying the class path. ACC If the library exists, any Java It may be possible to execute code. It can extend or add Java collections framework. TP-LINK EAP Controller is prone to an authentication-bypass vulnerability. \nAn  attacker can exploit this issue to bypass the authentication  mechanism and perform unauthorized actions. This may lead to further  attacks. \nEAP Controller version 2.5.3 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nCisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products\n\nAdvisory ID: cisco-sa-20151209-java-deserialization\n\nRevision 1.0\n\nFor Public Release: 2015 December 9 16:00  GMT\n+---------------------------------------------------------------------\n\nSummary\n=======\n\nA vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code. \n\nThe vulnerability is due to insecure deserialization of user-supplied content by the affected software. The report contains detailed proof-of-concept code for a number of applications, including WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic. A wide range of potential impacts includes allowing the attacker to obtain sensitive information. \n\nObject serialization is a technique that many programming languages use to convert an object into a sequence of bits for transfer purposes. Deserialization is a technique that reassembles those bits back to an object. \n\nMany applications accept serialized objects from the network without performing input validation checks before deserializing it. \n\nAdditional details about the vulnerability are available at the following links:\n\nOfficial Vulnerability Note from CERT:\nhttp://www.kb.cert.org/vuls/id/576313\n\nFoxglove Security:\nhttp://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/\n\nApache Commons Statement:\nhttps://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread\n\nOracle Security Alert:\nhttps://blogs.oracle.com/security/entry/security_alert_cve_2015_4852\n\nCisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. \n\nThis advisory is available at the following link:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWaE9BAAoJEIpI1I6i1Mx31a0QALya6VDmcGiyx3AlCzsKGISc\n3NJP4PPjVFGjHQmB/+bXn1zXLZ63JgbOZuG9pLxhmJpPMxQI8jeXEHqzVmrA9cOj\nu/QRGkITxQaRS50cwFJXPDOVWWCTcHLhuk83Ofih8vhC8UPBy1FGMBl5rpVLDkG9\nue8yX5ACEQ078F78dpcnJmbv1Hxu021wI+nM3pn7C/aOrJ1wSNop8KkFZ+VHzbKY\naeuMFqhal+ePx+JoIC4JMrTll/BLxjI17tKrzXas6D4zKNGSO0WxnEFjDWuPlc89\n2y3DnaVc0eeAVPy3ODN6wJzuro4w69z1GrvXPkBfVe9WNKD1lMGRUPMRwnb/zjxu\nDT8Ms4LDaVCLDZ01ox3BpuZIDBP1q2Xk6ToObeHUNMSDM9IuMeVOz9BtxJxO8Yp/\nYfVaoqkM6Vrf5oXKUvWow0r19+ODp18JUnc8qT7Cj0b9PwtlOUqpsNE+cAzPyZh7\nUBYLPm2AZypOgw4ryUf66p3l+NGLvLdA+A1u0m+YfXSrsuEFCosUeppmZMvgzEME\n7TDSbOlt6yj9W/U3ioYbhLWk1D2whTyDybXz4MLaPTPxfxozyePOcthU7R/PVGrU\nM0Do8nugnDXE0rYVRooF3+A/6ahoKUb9QR00O4xN4A94lfXqgc6t+180S4vavgxS\ng9ZP7zYVhaDCRufDoNVI\n=nsL1\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "db": "BID",
        "id": "105402"
      },
      {
        "db": "BID",
        "id": "77521"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "db": "PACKETSTORM",
        "id": "134752"
      }
    ],
    "trust": 4.95
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#581311",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "105402",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#576313",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "77521",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94276522",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134752",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "db": "BID",
        "id": "105402"
      },
      {
        "db": "BID",
        "id": "77521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "PACKETSTORM",
        "id": "134752"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "id": "VAR-201809-1154",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:13:15.103000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "EAP Controller",
        "trust": 0.8,
        "url": "https://www.tp-link.com/us/products/details/cat-4908_EAP-Controller.html"
      },
      {
        "title": "Apache Commons statement to widespread Java object de-serialisation vulnerability",
        "trust": 0.8,
        "url": "https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread"
      },
      {
        "title": "COLLECTIONS-580: Arbitrary remote code execution with InvokerTransformer",
        "trust": 0.8,
        "url": "https://issues.apache.org/jira/browse/COLLECTIONS-580"
      },
      {
        "title": "cisco-sa-20151209-java-deserialization",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization"
      },
      {
        "title": "HS16-010",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-010/index.html"
      },
      {
        "title": "1970575",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575"
      },
      {
        "title": "Jenkins Security Advisory 2015-11-11",
        "trust": 0.8,
        "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
      },
      {
        "title": "NV16-002",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-002.html"
      },
      {
        "title": "Secure Coding Guidelines for Java SE",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/java/seccodeguide-139067.html#8"
      },
      {
        "title": "Oracle Security Alert for CVE-2015-4852",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html"
      },
      {
        "title": "HS16-010",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-010/index.html"
      },
      {
        "title": "\u65e5\u7acb\u30c7\u30a3\u30b9\u30af\u30a2\u30ec\u30a4\u30b7\u30b9\u30c6\u30e0\u306b\u304a\u3051\u308bSVP \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/products/it/storage-solutions/techsupport/sec_info/sec_acc20160328.html"
      },
      {
        "title": "TP-LinkEAPControllerforLinux authentication bypasses the patch for the vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/160751"
      },
      {
        "title": "TP-Link EAP Controller for Linux Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85202"
      },
      {
        "title": "Java-Deserialization-CVEs",
        "trust": 0.1,
        "url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://www.kb.cert.org/vuls/id/581311"
      },
      {
        "trust": 2.0,
        "url": "https://www.kb.cert.org/vuls/id/576313"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/105402"
      },
      {
        "trust": 1.4,
        "url": "https://www.tp-link.com/en/download/eap220.html#controller_software"
      },
      {
        "trust": 1.2,
        "url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
      },
      {
        "trust": 0.9,
        "url": "http://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.8,
        "url": "https://docs.oracle.com/javase/8/docs/technotes/guides/rmi/rmi_security_recommendations.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5393"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5393"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94276522/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://frohoff.github.io/appseccali-marshalling-pickles/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/77521"
      },
      {
        "trust": 0.3,
        "url": "http://www.tp-link.com"
      },
      {
        "trust": 0.3,
        "url": "https://issues.apache.org/jira/browse/collections-580"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2015/q4/237"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2015/q4/241"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-java-deserialization"
      },
      {
        "trust": 0.1,
        "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "db": "BID",
        "id": "105402"
      },
      {
        "db": "BID",
        "id": "77521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "PACKETSTORM",
        "id": "134752"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "db": "BID",
        "id": "105402"
      },
      {
        "db": "BID",
        "id": "77521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "db": "PACKETSTORM",
        "id": "134752"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "date": "2019-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "date": "2018-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "date": "2018-09-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "date": "2018-09-18T00:00:00",
        "db": "BID",
        "id": "105402"
      },
      {
        "date": "2015-11-08T00:00:00",
        "db": "BID",
        "id": "77521"
      },
      {
        "date": "2019-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "date": "2015-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "date": "2015-12-10T17:22:52",
        "db": "PACKETSTORM",
        "id": "134752"
      },
      {
        "date": "2015-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "date": "2018-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "date": "2018-09-28T17:29:00.483000",
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#581311"
      },
      {
        "date": "2019-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13604"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135424"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-5393"
      },
      {
        "date": "2018-09-18T00:00:00",
        "db": "BID",
        "id": "105402"
      },
      {
        "date": "2015-12-08T22:09:00",
        "db": "BID",
        "id": "77521"
      },
      {
        "date": "2019-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013057"
      },
      {
        "date": "2018-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005930"
      },
      {
        "date": "2015-12-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      },
      {
        "date": "2024-11-21T04:08:44.320000",
        "db": "NVD",
        "id": "CVE-2018-5393"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134752"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      }
    ],
    "trust": 1.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#581311"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1168"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-5393 (GCVE-0-2018-5393)

GSD-2018-5393

CNVD-2019-13604

FKIE_CVE-2018-5393

GHSA-RRGH-7G24-H4HG

VAR-201809-1154

Summary

Tags

Sightings

Nomenclature