CVE-2021-44032
First published: Mon Mar 07 2022(Updated: )
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Omada Software Controller | <5.0.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-44032?
CVE-2021-44032 is classified as a high-severity vulnerability due to its potential for bypassing authentication processes.
How do I fix CVE-2021-44032?
To fix CVE-2021-44032, update the TP-Link Omada SDN Software Controller to version 5.0.15 or later.
What systems are affected by CVE-2021-44032?
CVE-2021-44032 affects TP-Link Omada Software Controller versions prior to 5.0.15 on Windows platforms.
Can CVE-2021-44032 allow unauthorized access?
Yes, CVE-2021-44032 allows attackers to perform unauthorized access by bypassing the captive portal authentication.
Is there any workaround for CVE-2021-44032?
There are no official workarounds for CVE-2021-44032, and updating the software is the recommended course of action.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/tp-link
- canonical/tp-link omada software controller