CVE-2023-49134

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-49134
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862
Configurations

No configuration.

History

21 Nov 2024, 08:32

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862 -
Summary
  • (es) Existe una vulnerabilidad de ejecución de comando en la funcionalidad tddpd enable_test_mode del punto de acceso Gigabit MU-MIMO inalámbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 compilación 20220926 y el punto de acceso inalámbrico Tp-Link N300 (EAP115 V4) v5.0.4 compilación 20220216. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecución de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a "uclited" en el EAP115(V4) 5.0.4 Build 20220216 del punto de acceso Gigabit inalámbrico N300.

09 Apr 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862', 'source': 'talos-cna@cisco.com'}

09 Apr 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-09 15:15

Updated : 2024-11-21 08:32

NVD link : CVE-2023-49134

Mitre link : CVE-2023-49134

CVE.ORG link : CVE-2023-49134

JSON object : View

Products Affected

No product.

CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024