VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
The TP-LINK EAP Controller is TP-LINK’s software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands,as well as utilizes an outdated vulnerable version of Apache commons-collections,which may allow an attacker to implement deserialization attacks and control the EAP Controller server. Continue reading VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks