CVE-2023-49134

Published: Apr 9, 2024

Modified: Nov 4, 2025

PUBLISHED

CVSS v3.1

8.1

HIGH

Description

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.

Vendor	Product	Versions
Tp-Link	AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)	affected `v5.1.0 Build 20220926`
Tp-Link	N300 Wireless Access Point (EAP115)	affected `v5.0.4 Build 20220216`

Weaknesses (CWE)

CWE-829

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-49134

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References