VAR-202203-0277
Vulnerability from variot - Updated: 2024-11-23 22:10TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. TP-LINK Technologies of Windows for omada software controller Exists in unspecified vulnerabilities.Information may be tampered with. TP-Link Omada Controller Software is a set of software that supports the management of wireless access points from Tp-link.
An authorization issue vulnerability exists in TP-Link Omada Controller Software versions prior to 5.0.15, which originates from a lack of authentication measures or insufficient authentication strength in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omada software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "tp link",
"version": "5.0.15"
},
{
"model": "omada software controller",
"scope": null,
"trust": 0.8,
"vendor": "tp link",
"version": null
},
{
"model": "omada software controller",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "5.0.15"
},
{
"model": "omada software controller",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": null
},
{
"model": "omada controller software",
"scope": "lt",
"trust": 0.6,
"vendor": "tp link",
"version": "5.0.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"cve": "CVE-2021-44032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44032",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-20079",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-406649",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44032",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44032",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-44032",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-20079",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-958",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-406649",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-44032",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULHUB",
"id": "VHN-406649"
},
{
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
},
{
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded \"no authentication\" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. TP-LINK Technologies of Windows for omada software controller Exists in unspecified vulnerabilities.Information may be tampered with. TP-Link Omada Controller Software is a set of software that supports the management of wireless access points from Tp-link. \n\r\n\r\nAn authorization issue vulnerability exists in TP-Link Omada Controller Software versions prior to 5.0.15, which originates from a lack of authentication measures or insufficient authentication strength in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULHUB",
"id": "VHN-406649"
},
{
"db": "VULMON",
"id": "CVE-2021-44032"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44032",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-20079",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202203-958",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-406649",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-44032",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULHUB",
"id": "VHN-406649"
},
{
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
},
{
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"id": "VAR-202203-0277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULHUB",
"id": "VHN-406649"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
}
]
},
"last_update_date": "2024-11-23T22:10:53.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TP-Link Omada Controller Software Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/325791"
},
{
"title": "TP-LINK Omada Controller Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199806"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Transmetal/CVE-repository-master "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-287",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-406649"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/orange-cyberdefense/cve-repository/blob/master/pocs/poc_cve-2021-44032_kevin.md"
},
{
"trust": 2.6,
"url": "https://www.tp-link.com/us/omada-sdn/"
},
{
"trust": 2.6,
"url": "https://www.tp-link.com/us/security"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44032"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-44032/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/transmetal/cve-repository-master"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULHUB",
"id": "VHN-406649"
},
{
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
},
{
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"db": "VULHUB",
"id": "VHN-406649"
},
{
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
},
{
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"date": "2022-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-406649"
},
{
"date": "2022-03-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"date": "2023-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-958"
},
{
"date": "2022-03-10T17:44:13.273000",
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-20079"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-406649"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44032"
},
{
"date": "2023-07-06T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-018760"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-958"
},
{
"date": "2024-11-21T06:30:15.490000",
"db": "NVD",
"id": "CVE-2021-44032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-LINK\u00a0Technologies\u00a0 of \u00a0Windows\u00a0 for \u00a0omada\u00a0software\u00a0controller\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018760"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-958"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.