Vulnerabilities > CVE-2023-49911

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-121

NVD

Published: 2024-04-09

Updated: 2024-04-10

Summary

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

Vulnerabilities > CVE-2023-49911 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-49911"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2023-49911