TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) Vulnerable to Command Execution via Network Requests

CVE-2023-49134
8.1 HIGH

Key Information

Vendor
TP-Link
Status
AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)
N300 Wireless Access Point (EAP115)
CVE Published:
9 April 2024

Summary

A command execution vulnerability exists in the tddpd enable_test_mode functionality of TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and TP-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP115 (V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.

Affected Version(s)

AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) = v5.1.0 Build 20220926

N300 Wireless Access Point (EAP115) = v5.0.4 Build 20220216

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database

Credit

Discovered by the Vulnerability Discovery and Research team of Cisco Talos.