MEDIUM🇬🇧 English

CVE-2020-12475

CVSS 5.5v3.1pub. 2020-05-04upd. 2024-11-21

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Tp Link Omada Controller

    APP
    Tp-Link
    3.2.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2025-9520HIGH8.3ten sam produkt

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to ma...

CVE-2025-9522MEDIUM5.1ten sam produkt

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted ...

CVE-2025-9290MEDIUM6.0ten sam produkt

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device ...

CVE-2025-9289MEDIUM5.7ten sam produkt

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper ...

CVE-2025-9521LOW2.1ten sam produkt

Podatność Password Confirmation Bypass w kontrolerach Omada, umożliwiająca atakującemu posiadającemu ważny tok...