CVE-2023-48724

2024-04-0915:15:28

CWE-121

[email protected]

web.nvd.nist.gov

cve-2023-48724

web interface

tp-link

denial of service

http post request

authentication

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device’s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.

Affected configurations

Vulners

Node

tp-linktl-wr941nd_v3Range≤v5.1.0 Build 20220926

VendorProductVersionCPE
tp\-linktl\-wr941nd_v3*cpe:2.3:h:tp\-link:tl\-wr941nd_v3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp\-link	tl\-wr941nd_v3	*	cpe:2.3:h:tp\-link:tl\-wr941nd_v3::::::::

CNA Affected

[
  {
    "vendor": "Tp-Link",
    "product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
    "versions": [
      {
        "version": "v5.1.0 Build 20220926",
        "status": "affected"
      }
    ]
  }
]