CVE-2023-49134 - Vulnerability Details - OpenCVE

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tp-link	Eap115 Eap115 Firmware Eap225 Eap225 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862

History

Thu, 21 Aug 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link eap115 Tp-link eap115 Firmware Tp-link eap225 Tp-link eap225 Firmware
Weaknesses		CWE-77
CPEs		cpe:2.3:h:tp-link:eap115:v4:::::::* cpe:2.3:h:tp-link:eap225:v3:::::::* cpe:2.3:o:tp-link:eap115_firmware:5.0.4:::::::* cpe:2.3:o:tp-link:eap225_firmware:5.1.0:::::::*
Vendors & Products		Tp-link Tp-link eap115 Tp-link eap115 Firmware Tp-link eap225 Tp-link eap225 Firmware

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-04-09T14:12:48.096Z

Updated: 2024-08-02T21:46:29.391Z

Reserved: 2023-11-22T15:34:13.184Z

Link: CVE-2023-49134

Vulnrichment

Updated: 2024-08-02T21:46:29.391Z

NVD

Status : Analyzed

Published: 2024-04-09T15:15:29.220

Modified: 2025-08-21T17:59:11.630

Link: CVE-2023-49134

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49134", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-22T15:34:13.184Z", "datePublished": "2024-04-09T14:12:48.096Z", "dateUpdated": "2024-08-02T21:46:29.391Z"}, "containers": {"cna": {"affected": [{"vendor": "Tp-Link", "product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)", "versions": [{"version": "v5.1.0 Build 20220926", "status": "affected"}]}, {"vendor": "Tp-Link", "product": "N300 Wireless Access Point (EAP115)", "versions": [{"version": "v5.0.4 Build 20220216", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", "type": "CWE", "cweId": "CWE-829"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-09T17:00:07.303Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"}], "credits": [{"lang": "en", "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "tp-link", "product": "ac1350_firmware", "cpes": ["cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v5.1.0_build_20220926", "status": "affected"}]}, {"vendor": "tp-link", "product": "n300_firmware", "cpes": ["cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v5.0.4_build_20220216", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-10T19:30:35.924227Z", "id": "CVE-2023-49134", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T17:42:34.306Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.391Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.391Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49134", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-10T19:30:35.924227Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:tp-link:ac1350_firmware:v5.1.0_build_20220926:*:*:*:*:*:*:*"], "vendor": "tp-link", "product": "ac1350_firmware", "versions": [{"status": "affected", "version": "v5.1.0_build_20220926"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:tp-link:n300_firmware:v5.0.4_build_20220216:*:*:*:*:*:*:*"], "vendor": "tp-link", "product": "n300_firmware", "versions": [{"status": "affected", "version": "v5.0.4_build_20220216"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T17:41:59.117Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Tp-Link", "product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)", "versions": [{"status": "affected", "version": "v5.1.0 Build 20220926"}]}, {"vendor": "Tp-Link", "product": "N300 Wireless Access Point (EAP115)", "versions": [{"status": "affected", "version": "v5.0.4 Build 20220216"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"}], "descriptions": [{"lang": "en", "value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-09T17:00:07.303Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49134", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:46:29.391Z", "dateReserved": "2023-11-22T15:34:13.184Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-04-09T14:12:48.096Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:eap225_firmware:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "15CAB41B-D47A-42E1-AEFB-9E342492E231", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:eap225:v3:*:*:*:*:*:*:*", "matchCriteriaId": "07736B46-7E3D-4E45-A554-440470FEE33B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:eap115_firmware:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0FF9ABB5-A353-4491-B928-50C0843D9597", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:eap115:v4:*:*:*:*:*:*:*", "matchCriteriaId": "1E0DB1CB-D156-4AE2-A815-B653A7D797FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando en la funcionalidad tddpd enable_test_mode del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 compilaci\u00f3n 20220926 y el punto de acceso inal\u00e1mbrico Tp-Link N300 (EAP115 V4) v5.0.4 compilaci\u00f3n 20220216. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a \"uclited\" en el EAP115(V4) 5.0.4 Build 20220216 del punto de acceso Gigabit inal\u00e1mbrico N300."}], "id": "CVE-2023-49134", "lastModified": "2025-08-21T17:59:11.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-09T15:15:29.220", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}