Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) Vulnerable to Command Execution via Network Requests
CVE-2023-49134
8.1HIGH
Key Information
- Vendor
- Tp-link
- Status
- Ac1350 Wireless Mu-mimo Gigabit Access Point (eap225 V3)
- N300 Wireless Access Point (eap115)
- Vendor
- CVE Published:
- 9 April 2024
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
Affected Version(s)
AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) = v5.1.0 Build 20220926
N300 Wireless Access Point (EAP115) = v5.0.4 Build 20220216
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.