Search criteria
21 vulnerabilities found for eap115_firmware by tp-link
FKIE_CVE-2023-49911
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `band` en el desplazamiento `0x422420` del binario `httpd` incluido con la versi\u00f3n 5.0.4 Build 20220216 de EAP115."
}
],
"id": "CVE-2023-49911",
"lastModified": "2025-11-04T19:16:11.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:30.403",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49912
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `profile` en el desplazamiento `0x4224b0` del binario `httpd` enviado con v5.0.4 Build 20220216 de EAP115."
}
],
"id": "CVE-2023-49912",
"lastModified": "2025-11-04T19:16:11.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:30.593",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49913
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `action` en el desplazamiento `0x422448` del binario `httpd` enviado con la versi\u00f3n 5.0.4 Build 20220216 de EAP115."
}
],
"id": "CVE-2023-49913",
"lastModified": "2025-11-04T19:16:11.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:30.783",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49910
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `ssid` en el desplazamiento `0x42247c` del binario `httpd` enviado con la versi\u00f3n 5.0.4 Build 20220216 del EAP115."
}
],
"id": "CVE-2023-49910",
"lastModified": "2025-11-04T19:16:11.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:30.210",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49134
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando en la funcionalidad tddpd enable_test_mode del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 compilaci\u00f3n 20220926 y el punto de acceso inal\u00e1mbrico Tp-Link N300 (EAP115 V4) v5.0.4 compilaci\u00f3n 20220216. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a \"uclited\" en el EAP115(V4) 5.0.4 Build 20220216 del punto de acceso Gigabit inal\u00e1mbrico N300."
}
],
"id": "CVE-2023-49134",
"lastModified": "2025-11-04T19:16:09.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:29.220",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49907
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `band` en el desplazamiento `0x0045aad8` del binario `httpd_portal` incluido con la versi\u00f3n 5.1.0 Build 20220926 de EAP225."
}
],
"id": "CVE-2023-49907",
"lastModified": "2025-11-04T19:16:10.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:29.637",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49133
Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | eap225_firmware | 5.1.0 | |
| tp-link | eap225 | v3 | |
| tp-link | eap115_firmware | 5.0.4 | |
| tp-link | eap115 | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando en la funcionalidad tddpd enable_test_mode del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 compilaci\u00f3n 20220926 y el punto de acceso inal\u00e1mbrico Tp-Link N300 (EAP115 V4) v5.0.4 compilaci\u00f3n 20220216. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a \"uclited\" en el EAP225(V3) 5.1.0 Build 20220926 del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico AC1350."
}
],
"id": "CVE-2023-49133",
"lastModified": "2025-11-04T19:16:08.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T15:15:29.003",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-49134 (GCVE-0-2023-49134)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
Severity ?
8.1 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:30:35.924227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:42:34.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:39.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:07.303Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49134",
"datePublished": "2024-04-09T14:12:48.096Z",
"dateReserved": "2023-11-22T15:34:13.184Z",
"dateUpdated": "2025-11-04T18:19:39.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49133 (GCVE-0-2023-49133)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
Severity ?
8.1 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:24:28.865802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:15:23.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:38.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:07.143Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49133",
"datePublished": "2024-04-09T14:12:47.975Z",
"dateReserved": "2023-11-22T15:34:13.184Z",
"dateUpdated": "2025-11-04T18:19:38.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49911 (GCVE-0-2023-49911)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:18:12.233567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:48:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:58.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:08.793Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49911",
"datePublished": "2024-04-09T14:12:46.602Z",
"dateReserved": "2023-12-01T22:10:32.247Z",
"dateUpdated": "2025-11-04T18:19:58.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49910 (GCVE-0-2023-49910)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:18:08.721454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:47:49.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:57.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:08.635Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49910",
"datePublished": "2024-04-09T14:12:46.510Z",
"dateReserved": "2023-12-01T22:10:32.246Z",
"dateUpdated": "2025-11-04T18:19:57.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49912 (GCVE-0-2023-49912)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:18:05.246412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:49:09.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:59.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:08.948Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49912",
"datePublished": "2024-04-09T14:12:46.695Z",
"dateReserved": "2023-12-01T22:10:32.247Z",
"dateUpdated": "2025-11-04T18:19:59.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49907 (GCVE-0-2023-49907)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:50:03.936083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:46:58.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:07.890Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49907",
"datePublished": "2024-04-09T14:12:46.207Z",
"dateReserved": "2023-12-01T22:10:32.246Z",
"dateUpdated": "2025-11-04T18:19:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49913 (GCVE-0-2023-49913)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:20
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:13:53.666002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:49:27.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:20:01.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:09.105Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49913",
"datePublished": "2024-04-09T14:12:46.790Z",
"dateReserved": "2023-12-01T22:10:32.247Z",
"dateUpdated": "2025-11-04T18:20:01.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49134 (GCVE-0-2023-49134)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
Severity ?
8.1 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:30:35.924227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:42:34.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:39.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:07.303Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49134",
"datePublished": "2024-04-09T14:12:48.096Z",
"dateReserved": "2023-11-22T15:34:13.184Z",
"dateUpdated": "2025-11-04T18:19:39.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49133 (GCVE-0-2023-49133)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
Severity ?
8.1 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:24:28.865802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:15:23.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:38.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:07.143Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49133",
"datePublished": "2024-04-09T14:12:47.975Z",
"dateReserved": "2023-11-22T15:34:13.184Z",
"dateUpdated": "2025-11-04T18:19:38.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49911 (GCVE-0-2023-49911)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:18:12.233567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:48:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:58.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:08.793Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49911",
"datePublished": "2024-04-09T14:12:46.602Z",
"dateReserved": "2023-12-01T22:10:32.247Z",
"dateUpdated": "2025-11-04T18:19:58.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49910 (GCVE-0-2023-49910)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:18:08.721454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:47:49.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:57.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:08.635Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49910",
"datePublished": "2024-04-09T14:12:46.510Z",
"dateReserved": "2023-12-01T22:10:32.246Z",
"dateUpdated": "2025-11-04T18:19:57.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49912 (GCVE-0-2023-49912)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:18:05.246412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:49:09.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:59.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:08.948Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49912",
"datePublished": "2024-04-09T14:12:46.695Z",
"dateReserved": "2023-12-01T22:10:32.247Z",
"dateUpdated": "2025-11-04T18:19:59.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49907 (GCVE-0-2023-49907)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:50:03.936083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:46:58.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:07.890Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49907",
"datePublished": "2024-04-09T14:12:46.207Z",
"dateReserved": "2023-12-01T22:10:32.246Z",
"dateUpdated": "2025-11-04T18:19:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49913 (GCVE-0-2023-49913)
Vulnerability from nvd – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:20
VLAI?
Summary
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) |
Affected:
v5.1.0 Build 20220926
|
|||||||
|
|||||||||
Credits
Discovered by the Vulnerability Discovery and Research team of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1350_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.1.0_build_20220926"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v5.0.4_build_20220216"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:13:53.666002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:49:27.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:20:01.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
},
{
"product": "N300 Wireless Access Point (EAP115)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.0.4 Build 20220216"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:09.105Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49913",
"datePublished": "2024-04-09T14:12:46.790Z",
"dateReserved": "2023-12-01T22:10:32.247Z",
"dateUpdated": "2025-11-04T18:20:01.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}