Details of VAR-202203-0277

ID

VAR-202203-0277

CVE

CVE-2021-44032

TITLE

TP-LINK Technologies of Windows for omada software controller Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018760

DESCRIPTION

TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. TP-LINK Technologies of Windows for omada software controller Exists in unspecified vulnerabilities.Information may be tampered with. TP-Link Omada Controller Software is a set of software that supports the management of wireless access points from Tp-link. An authorization issue vulnerability exists in TP-Link Omada Controller Software versions prior to 5.0.15, which originates from a lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 2.34

sources: NVD: CVE-2021-44032 // JVNDB: JVNDB-2021-018760 // CNVD: CNVD-2022-20079 // VULHUB: VHN-406649 // VULMON: CVE-2021-44032

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-20079

AFFECTED PRODUCTS

vendor:	tp link	model:	omada software controller	scope:	lt	version:	5.0.15	Trust: 1.0
vendor:	tp link	model:	omada software controller	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	omada software controller	scope:	eq	version:	5.0.15	Trust: 0.8
vendor:	tp link	model:	omada software controller	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	omada controller software	scope:	lt	version:	5.0.15	Trust: 0.6

sources: CNVD: CNVD-2022-20079 // JVNDB: JVNDB-2021-018760 // NVD: CVE-2021-44032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44032
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-44032
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-20079
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202203-958
value:	HIGH
Trust: 0.6
VULHUB:	VHN-406649
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-44032
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-44032
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-20079
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-406649
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-44032
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-44032
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-20079 // VULHUB: VHN-406649 // VULMON: CVE-2021-44032 // JVNDB: JVNDB-2021-018760 // CNNVD: CNNVD-202203-958 // NVD: CVE-2021-44032

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-287	Trust: 0.1

sources: VULHUB: VHN-406649 // JVNDB: JVNDB-2021-018760 // NVD: CVE-2021-44032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-958

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-958

PATCH

title:	Patch for TP-Link Omada Controller Software Authorization Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/325791	Trust: 0.6
title:	TP-LINK Omada Controller Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199806	Trust: 0.6
title:	-	url:	https://github.com/Transmetal/CVE-repository-master	Trust: 0.1

sources: CNVD: CNVD-2022-20079 // VULMON: CVE-2021-44032 // CNNVD: CNNVD-202203-958

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44032	Trust: 4.0
db:	JVNDB	id:	JVNDB-2021-018760	Trust: 0.8
db:	CNVD	id:	CNVD-2022-20079	Trust: 0.7
db:	CNNVD	id:	CNNVD-202203-958	Trust: 0.6
db:	VULHUB	id:	VHN-406649	Trust: 0.1
db:	VULMON	id:	CVE-2021-44032	Trust: 0.1

sources: CNVD: CNVD-2022-20079 // VULHUB: VHN-406649 // VULMON: CVE-2021-44032 // JVNDB: JVNDB-2021-018760 // CNNVD: CNNVD-202203-958 // NVD: CVE-2021-44032

REFERENCES

url:	https://github.com/orange-cyberdefense/cve-repository/blob/master/pocs/poc_cve-2021-44032_kevin.md	Trust: 2.6
url:	https://www.tp-link.com/us/omada-sdn/	Trust: 2.6
url:	https://www.tp-link.com/us/security	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44032	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2021-44032/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/transmetal/cve-repository-master	Trust: 0.1

sources: CNVD: CNVD-2022-20079 // VULHUB: VHN-406649 // VULMON: CVE-2021-44032 // JVNDB: JVNDB-2021-018760 // CNNVD: CNNVD-202203-958 // NVD: CVE-2021-44032

SOURCES

db:	CNVD	id:	CNVD-2022-20079
db:	VULHUB	id:	VHN-406649
db:	VULMON	id:	CVE-2021-44032
db:	JVNDB	id:	JVNDB-2021-018760
db:	CNNVD	id:	CNNVD-202203-958
db:	NVD	id:	CVE-2021-44032

LAST UPDATE DATE

2024-11-23T22:10:53.246000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-20079	date:	2022-03-16T00:00:00
db:	VULHUB	id:	VHN-406649	date:	2022-07-12T00:00:00
db:	VULMON	id:	CVE-2021-44032	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-018760	date:	2023-07-06T08:13:00
db:	CNNVD	id:	CNNVD-202203-958	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-44032	date:	2024-11-21T06:30:15.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-20079	date:	2022-03-16T00:00:00
db:	VULHUB	id:	VHN-406649	date:	2022-03-10T00:00:00
db:	VULMON	id:	CVE-2021-44032	date:	2022-03-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-018760	date:	2023-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202203-958	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-44032	date:	2022-03-10T17:44:13.273