ID
VAR-202404-0331
CVE
CVE-2023-48724
TITLE
TP-LINK Technologies of EAP225 Out-of-bounds write vulnerability in firmware
Trust: 0.8
DESCRIPTION
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability. TP-LINK Technologies of EAP225 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TP-LINK AC1350 is a router from China's TP-LINK company
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tp link | model: | eap225 | scope: | eq | version: | 5.1.0 | Trust: 1.0 |
| vendor: | tp link | model: | eap225 | scope: | eq | version: | eap225 firmware 5.1.0 | Trust: 0.8 |
| vendor: | tp link | model: | eap225 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tp link | model: | eap225 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tp link | model: | ac1350 build | scope: | eq | version: | v5.1.020220926 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
PATCH
| title: | Patch for TP-LINK AC1350 Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/544081 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-48724 | Trust: 3.2 |
| db: | TALOS | id: | TALOS-2023-1864 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2023-029689 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2024-20285 | Trust: 0.6 |
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2023-1864 | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-48724 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2024-20285 |
| db: | JVNDB | id: | JVNDB-2023-029689 |
| db: | NVD | id: | CVE-2023-48724 |
LAST UPDATE DATE
2025-08-23T23:24:17.643000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-20285 | date: | 2024-04-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-029689 | date: | 2025-08-22T04:34:00 |
| db: | NVD | id: | CVE-2023-48724 | date: | 2025-08-21T17:45:37.290 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-20285 | date: | 2024-04-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-029689 | date: | 2025-08-22T00:00:00 |
| db: | NVD | id: | CVE-2023-48724 | date: | 2024-04-09T15:15:28.397 |