Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

Published

2024-04-09T15:15:29.433

Last Modified

2025-08-21T17:59:26.517

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	eap225_firmware	5.1.0	Yes
Hardware	tp-link	eap225	v3	No

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 Exploit, Third Party Advisory ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)