CVE-2023-49133

Name of the Vulnerable Software and Affected Versions Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216

Description A command execution issue exists in the tddpd enable test mode functionality, allowing a remote attacker to execute arbitrary commands by sending specially crafted network requests. This can be triggered by sending a sequence of unauthenticated packets. The vulnerability impacts the uclited component on the affected devices.

Recommendations For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the tddpd enable test mode functionality until a patch is available. For Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216, restrict access to the vulnerable component to minimize the risk of exploitation. As a temporary workaround, avoid using the affected uclited component on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point until the issue is resolved.