CVE-2023-48724 — HIGH (7.5)

Vulnerability Description

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tp-Link	Eap225 Firmware	5.1.0
Tp-Link	Eap225	v3

Related Weaknesses (CWE)

CWE-121 CWE-787

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864ExploitThird Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864

FAQ

What is CVE-2023-48724?

CVE-2023-48724 is a vulnerability with a CVSS score of 7.5 (HIGH). A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST req...

How severe is CVE-2023-48724?

CVE-2023-48724 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48724?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Eap225 Firmware, Tp-Link Eap225.