Vulnerability Description
TP-Link Omada SDN Software Controller before 5.0.15 does not check whether the authentication method named in a connection request is one the captive portal actually allows. An attacker can therefore bypass captive-portal authentication by downgrading the request to the "no authentication" method and then reach the protected network. For example, simply setting window.authType=0 in the client-side JavaScript is enough.
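The flaw the description names is a server-side one: the portal trusts the authType value the client chose and never checks it against the methods the operator enabled. The following is an added example written for this page, not TP-Link's Omada code. The handler shape, the field names (authType, password, allowedAuthTypes) and the numbering of every method other than 0 are assumptions; 0 stands for the "no authentication" value the description cites.

```javascript
// Added illustration of the bug class behind CVE-2021-44032 (hypothetical
// code, not the Omada controller's). Field names and method numbers other
// than AUTH_NONE = 0 are assumptions.

const AUTH_NONE = 0;            // "no authentication" (what window.authType=0 selects)
const AUTH_SIMPLE_PASSWORD = 1; // assumed numbering for a password portal

// Constructed portal configuration: this SSID's portal requires a password,
// so AUTH_NONE is deliberately NOT in the allowed set.
const portalConfig = {
  portalId: 'guest-wifi',
  allowedAuthTypes: new Set([AUTH_SIMPLE_PASSWORD]),
  password: 'correct horse battery staple',
};

// Vulnerable handler: dispatches on the client-supplied authType and only
// validates the credential for the method the client asked for. A request
// carrying authType=0 is accepted without presenting anything.
function authorizeVulnerable(config, req) {
  switch (req.authType) {
    case AUTH_NONE:
      return { ok: true, reason: 'no-auth accepted' };
    case AUTH_SIMPLE_PASSWORD:
      return req.password === config.password
        ? { ok: true, reason: 'password ok' }
        : { ok: false, reason: 'bad password' };
    default:
      return { ok: false, reason: 'unknown authType' };
  }
}

// Hardened handler: the requested method must be one this portal allows, and
// the check runs before any method-specific logic. A downgraded request fails
// closed no matter what the client script set. The type check matters too:
// a string "0" or a missing field must not slip through a loose comparison.
function authorizeFixed(config, req) {
  if (!Number.isInteger(req.authType) || !config.allowedAuthTypes.has(req.authType)) {
    return { ok: false, reason: 'authType not permitted for this portal' };
  }
  return authorizeVulnerable(config, req); // method-specific validation is unchanged
}

// Constructed requests: a legitimate client, and the same client after the
// "window.authType=0" downgrade the description mentions.
const legitRequest = {
  clientMac: '00:11:22:33:44:55',
  authType: AUTH_SIMPLE_PASSWORD,
  password: 'correct horse battery staple',
};
const downgradedRequest = { clientMac: '00:11:22:33:44:55', authType: AUTH_NONE };

// Runs both handlers against both requests; returns the outcomes so they can
// be inspected or asserted on.
function runScenario() {
  return {
    vulnerableLegit: authorizeVulnerable(portalConfig, legitRequest).ok,
    vulnerableDowngraded: authorizeVulnerable(portalConfig, downgradedRequest).ok,
    fixedLegit: authorizeFixed(portalConfig, legitRequest).ok,
    fixedDowngraded: authorizeFixed(portalConfig, downgradedRequest).ok,
  };
}

console.log(runScenario());
```

The same allowed-set check is the thing to look for when auditing any portal or login front end: whatever the client sends to name a method must be validated against server-side configuration before the method's own credential logic runs, and the comparison must be strict about type.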
CVSS Score
HIGH (base score 7.5)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Omada Software Controller | < 5.0.15 |
References
- https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_CVE-2 (Exploit, Third Party Advisory)
- https://www.tp-link.com/us/omada-sdn/ (Vendor Advisory)
- https://www.tp-link.com/us/security (Vendor Advisory)
FAQ
What is CVE-2021-44032?
CVE-2021-44032 is a vulnerability with a CVSS score of 7.5 (HIGH). TP-Link Omada SDN Software Controller before 5.0.15 does not check whether the authentication method named in a connection request is allowed, so an attacker can bypass the captive portal by downgrading the request to the "no authentication" method (for example, by setting window.authType=0 in client-side JavaScript) and access the protected network.
How severe is CVE-2021-44032?
CVE-2021-44032 has been rated HIGH with a CVSS base score of 7.5/10. The impact is a complete bypass of captive-portal authentication: a client that can reach the portal can downgrade its own request to "no authentication" and gain access to the protected network without any credential.
Is there a patch for CVE-2021-44032?
Yes. The issue affects TP-Link Omada SDN Software Controller versions before 5.0.15, so upgrading the controller to 5.0.15 or later removes it. See the vendor advisory links in the references section above for the release details.