{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48724", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-22T15:41:33.640Z", "datePublished": "2024-04-09T14:12:47.393Z", "dateUpdated": "2024-08-02T21:37:54.685Z"}, "containers": {"cna": {"affected": [{"vendor": "Tp-Link", "product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)", "versions": [{"version": "v5.1.0 Build 20220926", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE", "cweId": "CWE-121"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-09T17:00:09.474Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"}], "credits": [{"lang": "en", "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48724", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T17:06:09.308925Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:tp-link:ac1350_firmware:*:*:*:*:*:*:*:*"], "vendor": "tp-link", "product": "ac1350_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v5.1.0 Build 20220926"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:32.120Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.685Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.685Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48724", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T17:06:09.308925Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:tp-link:ac1350_firmware:*:*:*:*:*:*:*:*"], "vendor": "tp-link", "product": "ac1350_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v5.1.0 Build 20220926"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T17:28:50.995Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Tp-Link", "product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)", "versions": [{"status": "affected", "version": "v5.1.0 Build 20220926"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-09T17:00:09.474Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48724", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:37:54.685Z", "dateReserved": "2023-11-22T15:41:33.640Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-04-09T14:12:47.393Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una solicitud HTTP POST especialmente manipulada puede provocar una denegaci\u00f3n de servicio de la interfaz web del dispositivo. Un atacante puede enviar una solicitud HTTP POST no autenticada para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-48724", "lastModified": "2024-11-21T08:32:19.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-04-09T15:15:28.397", "references": [{"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}