CVE-2023-49134

Name of the Vulnerable Software and Affected Versions Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216

Description A command execution vulnerability exists in the tddpd enable test mode functionality. This issue can be exploited by sending a specially crafted series of network requests, leading to arbitrary command execution. An attacker can trigger this vulnerability by sending a sequence of unauthenticated packets. The vulnerability impacts uclited on the affected devices.

Recommendations For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the tddpd enable test mode functionality until a patch is available. For Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216, restrict access to the uclited component to minimize the risk of exploitation. As a temporary workaround, consider blocking unauthenticated packets to the affected devices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.