CVE-2023-49908

Name of the Vulnerable Software and Affected Versions Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926

Description A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue is related to the overflow that occurs via the profile parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code using specially crafted HTTP requests. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Recommendations For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the Radio Scheduling functionality until a patch is available. Restrict access to the httpd portal binary to minimize the risk of exploitation. Avoid using the profile parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.