CVE-2023-49909

Name of the Vulnerable Software and Affected Versions Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926

Description A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a specially crafted series of HTTP requests, potentially leading to remote code execution. An attacker can exploit this vulnerability by making an authenticated HTTP request. The overflow occurs via the action parameter at offset 0x0045ab38 of the httpd portal binary.

Recommendations For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the httpd portal binary or restricting access to the Radio Scheduling functionality until a patch is available. Avoid using the action parameter in the affected HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.