N/A

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.

N/A

N/A

TP-Link EAP Controller和Omada Controller 安全漏洞

TP-Link EAP Controller和Omada Controller都是中国普联（TP-LINK）公司的用于远程控制无线AP接入点设备的软件。 TP-Link EAP Controller和Omada Controller 2.5.4_Windows版本和2.6.0_Windows版本中的Web管理界面存在安全漏洞，该漏洞源于程序没有任何形式的反跨站请求伪造令牌。攻击者可利用该漏洞提交已认证的请求。

N/A

N/A