EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2018-07-25 22:46:03

Hi all,

I'm happy using 2x EAP 225 with the Controller Software.
Some days ago a new release was published (Omada_Controller_v2.7.0_Windows32bit, https://www.tp-link.com/en/download/EAP-Controller.html#Controller_Software).

The Linux release is still at 2.5.1.
Is there a chance for a new Linux release?

Thank you.

 

 

#1
Re:EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?
2018-07-26 10:53:14

See this post: https://community.tp-link.com/en/business/forum/topic/150035

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#2
Re:EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?
2018-07-27 06:34:32

Hi,

We are developing the new version of Omada Controller for Linux now; it won't take too long to publish it. If there is any update, we will inform you in the forums.

Best wishes,

Jonas

#3
Re:Re:EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?
2018-07-28 09:53:21

Thank you very much for moving the Windows software to a Linux environment.
While this is good news, I'll wait for the official Linux release from TP-Link.
I saw the previous work to trap the Windows software and move it to a Linux environment.
Why does TP-Link not make an official release as quickly as your work?

#4
Re:Re:Re:EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?
2018-07-28 11:31:20 - last edited 2018-07-28 12:00:07

Hi LorisAlbanese,

I'm in a hurry because I have been waiting since June last year for fixes to a root exploit I discovered when EAP Controller v2.4.7, the first version for Linux, was released. Back then, I informed TP-Link about those holes and sent them a modified start/stop script, which fixed at least the root exploit.

You can even find those postings from June 2017 here in the forum in the discussion about the missing Privilege Separation in previous versions of EAP Controller.

From what I saw now, the attack vector for Privilege Escalation has finally been fixed by TP-Link in v2.7.0, although I don't know (yet) whether Privilege Separation will be introduced by the official v2.7.0 or whether TP-Link just closed the attack vector (port 1099, Java RMI) visible to the outside. We will see.

That's why I'm in a hurry - our company has deployed EAP Controller on a public Internet server. It has been reported that the root exploit was successfully used by hackers on at least two servers I know of, one of these a server of my customer. So the early adaption of my fixes could help to mitigate those attacks after the systems had been restored.

Other security fixes from TP-Link appeared in EAP Controller v2.6.1, which unfortunately was available only for Windows, so I made a Linux version. In detail, those security-related bugs, which were already openly discussed in hacker forums, were supposedly fixed in v2.6.1:

CVE-2018-10164: Cross-site scripting (XSS) vulnerability via portalPictureUpload

CVE-2018-10165: Cross-site scripting (XSS) vulnerability via local user creation functionality

CVE-2018-10166: Cross Site Request Forgery vulnerability in authentication tokens

CVE-2018-10167: Hard-coded cryptographic key attack vector

CVE-2018-10168: Privilege Escalation attack vector

I strongly urge anyone running EAP Controller < v2.7.0 on Linux or < 2.6.1 on Windows to upgrade to Omada Controller v2.7.0 and JRE8 as fast as possible. Exception: the community version of EAP Controller v2.6.1 for Linux is relatively safe already.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#5
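
As an added example (not part of the thread, and not TP-Link's or the poster's start/stop script), a defensive audit for the two conditions the post above describes: a controller process running as root, and a listener on TCP port 1099 (Java RMI) bound to a non-loopback address. The process pattern `EXAMPLE-controller`, the paths, the user names and the sample `ss`/`ps` output are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit for (1) an RMI listener on TCP 1099 reachable from
# outside loopback and (2) a controller JVM running as root (no privilege
# separation). All sample data below is constructed for illustration.

# Constructed sample standing in for `ss -H -tln` output.
SAMPLE_SS='LISTEN 0 50 *:1099 *:*
LISTEN 0 128 127.0.0.1:27017 0.0.0.0:*
LISTEN 0 50 [::1]:1099 [::]:*
LISTEN 0 50 192.0.2.10:8443 0.0.0.0:*'

# Constructed sample standing in for `ps -eo user=,pid=,args=` output.
# EXAMPLE-controller is a placeholder, not the product's real command line.
SAMPLE_PS='root 1423 /opt/EXAMPLE/jre/bin/java -jar EXAMPLE-controller.jar
mongodb 1377 /usr/bin/mongod --bind_ip 127.0.0.1
eapuser 2201 /opt/EXAMPLE/jre/bin/java -jar EXAMPLE-controller.jar'

# Read socket lines on stdin; print listeners on port $1 that are not
# bound to a loopback address (wildcard and routable addresses are flagged).
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      p = parts[n]                       # port is the last ":" field
      host = substr(addr, 1, length(addr) - length(p) - 1)
      if (p != port) next
      if (host ~ /^127\./ || host == "[::1]") next
      print "EXPOSED " addr
    }'
}

# Read process lines on stdin; print PIDs of root-owned processes whose
# command line matches the extended regex in $1.
root_owned() {
  awk -v pat="$1" '$1 == "root" && $0 ~ pat { print "ROOT " $2 }'
}

# $1 = socket listing, $2 = process listing, $3 = process pattern.
audit() {
  printf '%s\n' "$1" | exposed_listeners 1099
  printf '%s\n' "$2" | root_owned "$3"
}

# On a live host: audit "$(ss -H -tln)" "$(ps -eo user=,pid=,args=)" 'pattern'
audit "$SAMPLE_SS" "$SAMPLE_PS" 'EXAMPLE-controller'
```

An empty result means neither condition was found in the supplied listings; any `EXPOSED` or `ROOT` line is a finding to fix before the host is reachable from the Internet.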
Re:Re:EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?
2018-08-02 00:03:30

jonas wrote

Hi,

We are developing the new version of Omada Controller for Linux now; it won't take too long to publish it. If there is any update, we will inform you in the forums.

Best wishes,

Jonas

I contacted support asking about 2.7.0 for Linux and they said it would be 1-3 months. I hope that's not true.

#6
Re: EAP225 AC 1200 Ver 2 - Omada Software - what about linux new release?
2018-08-03 00:56:33 - last edited 2018-08-03 01:16:01

miked315 wrote

I contacted support asking about 2.7.0 for Linux and they said it would be 1-3 months. I hope that's not true.

I did wait months until the release of the first Linux version 2.4 (from 2016 to July 2017) only to discover that it missed Privilege Separation.

As did version 2.5 of November 2017.

Why don't you use the community version of Omada Controller 2.7.0 for Linux in the meantime?

Its start/stop script for Linux has been tested and constantly improved for more than a year now (precisely, I published the first version of tpeap in the old forum on 2017-07-21 already, just a few days after the first Linux version 2.4.7 appeared).

The remaining files are the original Java files - the very same as in the Windows version - and the latest Open Source version of mongodb and Oracle's JRE 8, both to be downloaded from their official repositories (Debian / Devuan / Raspbian / Ubuntu / Fedora / Slackware / Oracle / younameit).

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#7