CVE-2023-49911

Exploit

EPSS 0.64%
Veröffentlicht 09.04.2024 15:15:30
Zuletzt bearbeitet 21.08.2025 18:00:29
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Eap225 Firmware Version5.1.0

Tp-link ≫ Eap225 Versionv3

Tp-link ≫ Eap115 Firmware Version5.0.4

Tp-link ≫ Eap115 Versionv4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.695

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
talos-cna@cisco.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-49911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49911

EUVD