CVE-2023-48724

high

Description

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.

References

https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864

Details

Source: Mitre, NVD

Published: 2024-04-09

Updated: 2025-11-04

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.01203