CVE-2021-44032
Published: 10 March 2022
Summary
CVE-2021-44032 is a high-severity vulnerability of an unspecified weakness class in TP-Link Omada Software Controller. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 39.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-30891
Vulnerability details
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.