CVE-2023-49133: CWE-829: Inclusion of Functionality from Untrusted Control Sphere in Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
CVE-2023-49133: CWE-829: Inclusion of Functionality from Untrusted Control Sphere in Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)
Description
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- talos
- Date Reserved
- 2023-11-22T15:34:13.184Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47396d939959c8021bab
Added to database: 11/4/2025, 6:34:33 PM
Last updated: 11/4/2025, 6:36:55 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2024-3159: Out of bounds memory access in Google Chrome
HighCVE-2024-3158: Use after free in Google Chrome
HighCVE-2024-3156: Inappropriate implementation in Google Chrome
HighCVE-2024-31705: n/a
CriticalCVE-2024-31309: CWE-20 Improper Input Validation in Apache Software Foundation Apache Traffic Server
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.