Arbitrary Command Execution Vulnerability in Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)

CVE-2023-49133

8.1HIGH

Key Information

Vendor: Tp-link
Status: Ac1350 Wireless Mu-mimo Gigabit Access Point (eap225 V3); N300 Wireless Access Point (eap115)
Vendor: CVE Published:; 9 April 2024

Summary

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.

Affected Version(s)

AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) = v5.1.0 Build 20220926

N300 Wireless Access Point (EAP115) = v5.0.4 Build 20220216

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 9, 2024
Vulnerability Reserved.
Nov 22, 2023

Collectors

NVD DatabaseMitre Database

Credit

Discovered by the Vulnerability Discovery and Research team of Cisco Talos.