Vulnerability-Lookup

CVE-2023-48724 (GCVE-0-2023-48724)

Vulnerability from cvelistv5 – Published: 2024-04-09 14:12 – Updated: 2025-11-04 18:19

Summary

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

Impacted products

	Vendor	Product	Version
	Tp-Link	AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)	Affected: v5.1.0 Build 20220926

Credits

Discovered by the Vulnerability Discovery and Research team of Cisco Talos.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tp-link:ac1350_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac1350_firmware",
            "vendor": "tp-link",
            "versions": [
              {
                "lessThanOrEqual": "v5.1.0 Build 20220926",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-48724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T17:06:09.308925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:32.120Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:19:15.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864",
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
          },
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
          "vendor": "Tp-Link",
          "versions": [
            {
              "status": "affected",
              "version": "v5.1.0 Build 20220926"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T17:00:09.474Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2023-48724",
    "datePublished": "2024-04-09T14:12:47.393Z",
    "dateReserved": "2023-11-22T15:41:33.640Z",
    "dateUpdated": "2025-11-04T18:19:15.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de corrupci\\u00f3n de memoria en la funcionalidad de la interfaz web del punto de acceso Gigabit MU-MIMO inal\\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una solicitud HTTP POST especialmente manipulada puede provocar una denegaci\\u00f3n de servicio de la interfaz web del dispositivo. Un atacante puede enviar una solicitud HTTP POST no autenticada para desencadenar esta vulnerabilidad.\"}]",
      "id": "CVE-2023-48724",
      "lastModified": "2024-11-21T08:32:19.990",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-04-09T15:15:28.397",
      "references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-48724\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2024-04-09T15:15:28.397\",\"lastModified\":\"2025-11-04T19:16:07.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una solicitud HTTP POST especialmente manipulada puede provocar una denegaci\u00f3n de servicio de la interfaz web del dispositivo. Un atacante puede enviar una solicitud HTTP POST no autenticada para desencadenar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15CAB41B-D47A-42E1-AEFB-9E342492E231\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07736B46-7E3D-4E45-A554-440470FEE33B\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T18:19:15.967Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48724\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-09T17:06:09.308925Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:tp-link:ac1350_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"tp-link\", \"product\": \"ac1350_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v5.1.0 Build 20220926\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T17:28:50.995Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Discovered by the Vulnerability Discovery and Research team of Cisco Talos.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Tp-Link\", \"product\": \"AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)\", \"versions\": [{\"status\": \"affected\", \"version\": \"v5.1.0 Build 20220926\"}]}], \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2024-04-09T17:00:09.474Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-48724\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T18:19:15.967Z\", \"dateReserved\": \"2023-11-22T15:41:33.640Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2024-04-09T14:12:47.393Z\", \"assignerShortName\": \"talos\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GSD-2023-48724

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-48724

Aliases

CVE-2023-48724

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-48724",
    "id": "GSD-2023-48724"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-48724"
      ],
      "details": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.",
      "id": "GSD-2023-48724",
      "modified": "2023-12-13T01:20:39.428835Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2023-48724",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "v5.1.0 Build 20220926"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Tp-Link"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-121",
                "lang": "eng",
                "value": "CWE-121: Stack-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
          },
          {
            "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864",
            "refsource": "MISC",
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."
          },
          {
            "lang": "es",
            "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una solicitud HTTP POST especialmente manipulada puede provocar una denegaci\u00f3n de servicio de la interfaz web del dispositivo. Un atacante puede enviar una solicitud HTTP POST no autenticada para desencadenar esta vulnerabilidad."
          }
        ],
        "id": "CVE-2023-48724",
        "lastModified": "2024-04-10T13:24:22.187",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "talos-cna@cisco.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-04-09T15:15:28.397",
        "references": [
          {
            "source": "talos-cna@cisco.com",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
          }
        ],
        "sourceIdentifier": "talos-cna@cisco.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-121"
              }
            ],
            "source": "talos-cna@cisco.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CNVD-2024-20285

Vulnerability from cnvd - Published: 2024-04-18

Title

TP-LINK AC1350拒绝服务漏洞

Description

TP-LINK AC1350是中国普联（TP-LINK）公司的一款路由器。 TP-LINK AC1350存在安全漏洞，攻击者可利用该漏洞通过特制的HTTP POST请求导致设备Web界面拒绝服务。

Severity

高

Patch Name

TP-LINK AC1350拒绝服务漏洞的补丁

Patch Description

TP-LINK AC1350是中国普联（TP-LINK）公司的一款路由器。 TP-LINK AC1350存在安全漏洞，攻击者可利用该漏洞通过特制的HTTP POST请求导致设备Web界面拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.tp-link.com/us/support/download/eap115/v4/#Firmware

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864

Impacted products

Name
TP-LINK AC1350 v5.1.0 Build 20220926

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-48724",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-48724"
    }
  },
  "description": "TP-LINK AC1350\u662f\u4e2d\u56fd\u666e\u8054\uff08TP-LINK\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\n\nTP-LINK AC1350\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684HTTP POST\u8bf7\u6c42\u5bfc\u81f4\u8bbe\u5907Web\u754c\u9762\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tp-link.com/us/support/download/eap115/v4/#Firmware",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-20285",
  "openTime": "2024-04-18",
  "patchDescription": "TP-LINK AC1350\u662f\u4e2d\u56fd\u666e\u8054\uff08TP-LINK\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\r\n\r\nTP-LINK AC1350\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684HTTP POST\u8bf7\u6c42\u5bfc\u81f4\u8bbe\u5907Web\u754c\u9762\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TP-LINK AC1350\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "TP-LINK AC1350 v5.1.0 Build 20220926"
  },
  "referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864",
  "serverity": "\u9ad8",
  "submitTime": "2024-04-11",
  "title": "TP-LINK AC1350\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2023-48724

Vulnerability from fkie_nvd - Published: 2024-04-09 15:15 - Updated: 2025-11-04 19:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864

Impacted products

	Vendor	Product	Version
	tp-link	eap225_firmware	5.1.0
	tp-link	eap225	v3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una solicitud HTTP POST especialmente manipulada puede provocar una denegaci\u00f3n de servicio de la interfaz web del dispositivo. Un atacante puede enviar una solicitud HTTP POST no autenticada para desencadenar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-48724",
  "lastModified": "2025-11-04T19:16:07.240",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-09T15:15:28.397",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "talos-cna@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-86R8-H4WJ-HHJG

Vulnerability from github – Published: 2024-04-09 15:30 – Updated: 2024-04-09 15:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-48724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T15:15:28Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device\u0027s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.",
  "id": "GHSA-86r8-h4wj-hhjg",
  "modified": "2024-04-09T15:30:37Z",
  "published": "2024-04-09T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48724"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-202404-0331

Vulnerability from variot - Updated: 2024-04-29 23:10

TP-LINK AC1350 is a router from China's TP-LINK company.

TP-LINK AC1350 has a security vulnerability that can be exploited by attackers to cause a denial of service on the device's web interface via a specially crafted HTTP POST request.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202404-0331",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ac1350 build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tp link",
        "version": "v5.1.020220926"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "cve": "CVE-2023-48724",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-20285",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2024-20285",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TP-LINK AC1350 is a router from China\u0027s TP-LINK company.\n\nTP-LINK AC1350 has a security vulnerability that can be exploited by attackers to cause a denial of service on the device\u0027s web interface via a specially crafted HTTP POST request.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ],
    "trust": 0.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "TALOS",
        "id": "TALOS-2023-1864",
        "trust": 0.6
      },
      {
        "db": "NVD",
        "id": "CVE-2023-48724",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "id": "VAR-202404-0331",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "last_update_date": "2024-04-29T23:10:40.448000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for TP-LINK AC1350 Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/544081"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1864"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-04-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TP-LINK AC1350 Denial of Service Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-20285"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-48724 (GCVE-0-2023-48724)

GSD-2023-48724

CNVD-2024-20285

FKIE_CVE-2023-48724

GHSA-86R8-H4WJ-HHJG

VAR-202404-0331

Tags

Sightings

Nomenclature