CVE-2023-49134
Last modified
CVE-2023-49134 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. EPSS estimates a 1.75% chance of exploitation in the next 30 days.
Description
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Eap225 Firmware | 5.1.0 |
| Tp-Link | Eap115 Firmware | 5.0.4 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862Exploit, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-49134?
How severe is CVE-2023-49134?
How do I fix CVE-2023-49134?
Are you affected by CVE-2023-49134?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST