What is CVE-2023-49913?

A high-severity stack-based buffer overflow vulnerability in the Tp-Link EAP225 Wireless MU-MIMO Gigabit Access Point can lead to remote code execution. Organizations are urged to prioritize patching.

What is the severity of CVE-2023-49913?

CVE-2023-49913 has a severity rating of HIGH with a CVSS base score of 7.2.

CVE-2023-49913 | High Vulnerability in Tp-Link EAP225 Firmware

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of the Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. This vulnerability allows specially crafted HTTP requests to lead to remote code execution. Specifically, an attacker can make an authenticated HTTP request to trigger this vulnerability. The overflow occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

The CVSS score for this vulnerability is 7.2, classified as high severity, indicating significant risk to organizations. The attack vector is network-based, requiring high privileges to execute the exploit. Given the potential for remote code execution, organizations should prioritize patching immediately.

Risk to organizations includes unauthorized access and control over affected devices, which could lead to further exploits within the network. It is imperative to assess the exposure of these devices and ensure that proper security measures are in place.

Currently, there are no known exploits or public proof-of-concept (PoC) available for this vulnerability, reducing immediate exploitation risk. However, cybersecurity teams should remain vigilant as new threats could emerge.

Vulnerability Details

The vulnerability is specifically identified as CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). The affected products include the Tp-Link EAP225 firmware version 5.1.0 and EAP115 firmware version 5.0.4. It was published on April 9, 2024. The potential impacts include high confidentiality, integrity, and availability risks.

Technical Analysis

The root cause of this vulnerability is the improper handling of input via the web interface, leading to a stack-based buffer overflow. The attack vector is network-based, meaning an attacker can exploit it remotely without being physically present. The attack complexity is low, as the exploit does not require any special conditions to be met beyond having high privileges. User interaction is not required, making this vulnerability particularly concerning.

The impacts on confidentiality, integrity, and availability are high, as attackers may gain unauthorized access to sensitive data, modify system configurations, or disrupt service availability.

Risk & Impact Analysis

The real-world risk associated with this vulnerability is significant. Organizations using affected Tp-Link devices may face severe impacts if exploited by attackers. The blast radius potential is considerable, as a successful exploit could compromise entire networks. Given the vulnerability's high CVSS score and the lack of known exploits, organizations should assess their security posture and prioritize patching as part of their response strategy.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include Tp-Link EAP225 firmware version 5.1.0 and EAP115 firmware version 5.0.4. Organizations should ensure they are running the latest firmware to mitigate this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching by upgrading to the latest firmware versions released by Tp-Link to address this vulnerability. If an immediate patch is unavailable, consider implementing network segmentation to limit potential exposure. Organizations may also look into configuration hardening and monitoring for any unusual activity that could indicate exploitation attempts.

For further guidance on enhancing security measures, organizations can consult the application security assessment best practices.

Detection Guidance

Monitoring for log indicators such as unauthorized access attempts and unusual HTTP request patterns can help detect exploitation attempts. Behavioral anomalies in network traffic should also be examined, along with system changes that may indicate compromise.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to enable attackers to gain control over affected devices, leading to broader network penetration. This incident represents a pattern of vulnerabilities in network devices, highlighting the need for continuous security assessments and proactive measures. Security teams should ensure that regular updates and penetration testing are part of their security posture.

For more insights on effective security strategies, consider exploring our penetration testing methodology and our guide on vulnerability management programs.

Strategically, organizations must prioritize addressing such vulnerabilities to prevent exploitation and ensure the integrity of their network infrastructure.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-49913: High Vulnerability in Tp-Link EAP225 Firmware