CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

CVE-2023-49074

CVE-2023-49074 affects TP-Link AC1350 Omada Giga APs (EAP225 V3) running v5.1.0 Build 20220926. A TDDP-based vulnerability (V2 ENC_CMD_OPT subtype 0x49) allows an unauthenticated attacker to reset device settings to factory defaults by sending a crafted network request; a related TDDP_SPECIAL_CMD...

CVE-2023-49133

A command execution vulnerability exists in the tddpd enabletestmode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point EAP115 V4 v5.0.4 Build 20220216. A specially crafted series of network requests can lea...

CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVE-2023-49907

Talos-1888 details a stack-based buffer overflow in TP-Link AC1350 (EAP225 V3) firmware v5.1.0 Build 20220926, caused by the handling of newline-delimited POST parameters (ssid, band, profile, action) in /data/scheduler.association.json. Specifically, the vulnerability arises from unsafe copying ...

CVE-2023-49913

CVE-2023-49913 affects TP-Link AC1350 family (EAP225 V3) and EAP115, décrit comme une overflow de pile dans l’interface web Radio Scheduling via la fonction POST /data/scheduler.association.json. L’exploitation exige une requête authentifiée et peut survenir lorsque l’opération ne vaut pas read/l...

CVE-2023-49912

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 TDDP denial of service vulnerability April 9, 2024 CVE Number CVE-2023-49074 SUMMARY A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO...

CVE-2023-43284

CVE-2023-43284 affects the D-Link DIR-846 wireless router (firmware variant 100A53DBR-Retail). The vulnerability is a code execution flaw caused by insufficient protection when handling the QoS POST parameter, allowing an authenticated remote attacker to execute arbitrary code. Multiple sources (...