cve/2023/CVE-2023-49133.md


2024-05-28 08:49:17 +00:00
### [CVE-2023-49133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49133)
![](https://img.shields.io/static/v1?label=Product&message=AC1350%20Wireless%20MU-MIMO%20Gigabit%20Access%20Point%20(EAP225%20V3)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=N300%20Wireless%20Access%20Point%20(EAP115)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20v5.0.4%20Build%2020220216%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20v5.1.0%20Build%2020220926%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-829%3A%20Inclusion%20of%20Functionality%20from%20Untrusted%20Control%20Sphere&color=brighgreen)
### Description
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds