Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-48724

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.

Published

2024-04-09T15:15:28.397

Last Modified

2025-08-21T17:45:37.290

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	eap225_firmware	5.1.0	Yes
Hardware	tp-link	eap225	v3	No

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864 Exploit, Third Party Advisory ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)