Arbitrary Command Execution Vulnerability in Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)
CVE-2023-49133

8.1HIGH

Key Information:

Vendor: Tp-link
Status: Ac1350 Wireless Mu-mimo Gigabit Access Point (eap225 V3); N300 Wireless Access Point (eap115)
Vendor: CVE Published:; 9 April 2024

Summary

A command execution vulnerability exists within the 'enable_test_mode' functionality of Tp-Link's AC1350 and N300 Wireless Access Points. This flaw can be exploited by sending a carefully crafted series of unauthenticated network requests, potentially leading to the execution of arbitrary commands on the affected devices. The vulnerability is associated with the uclited component on the EAP225 V3 model, indicating significant implications for device security if exploited. Network administrators are advised to apply the necessary updates or mitigations to safeguard their systems.

Affected Version(s)

AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926

N300 Wireless Access Point (EAP115) v5.0.4 Build 20220216

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Nov 22, 2023

Credit

Discovered by the Vulnerability Discovery and Research team of Cisco Talos.