TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) Vulnerable to Command Execution via Network Requests
CVE-2023-49134
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of specific versions of two TP-Link wireless access points, the AC1350 and the N300. An attacker can exploit it by sending specially crafted network requests, potentially leading to arbitrary command execution on the affected device. The N300 Wireless Gigabit Access Point version 5.0.4 is particularly vulnerable: an attacker can send unauthenticated packets to trigger this flaw, impacting the uclited service. Timely updates and proper network security measures are crucial to mitigating the risk from this vulnerability.
Affected Version(s)
AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926
N300 Wireless Access Point (EAP115) v5.0.4 Build 20220216