ID
VAR-202404-0249
CVE
CVE-2023-49133
TITLE
TP-LINK AC1350 and N300 command injection vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2024-20284
DESCRIPTION
TP-LINK AC1350/N300 is a router from TP-LINK of China. TP-LINK AC1350 and TP-LINK N300 have a command injection vulnerability. The vulnerability is caused by the tddpd enable_test_mode function failing to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution.
Trust: 0.6
sources:
CNVD: CNVD-2024-20284
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2024-20284
AFFECTED PRODUCTS
| vendor: | tp link | model: | ac1350 build | scope: | eq | version: | v5.1.020220926 | Trust: 0.6 |
| vendor: | tp link | model: | n300 build | scope: | eq | version: | v5.0.420220216 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-20284
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2024-20284
PATCH
| title: | Patch for TP-LINK AC1350 and N300 command injection vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/544036 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-20284
EXTERNAL IDS
| db: | TALOS | id: | TALOS-2023-1862 | Trust: 0.6 |
| db: | NVD | id: | CVE-2023-49133 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2024-20284 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-20284
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2023-1862 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-20284
SOURCES
| db: | CNVD | id: | CNVD-2024-20284 |
LAST UPDATE DATE
2024-04-28T22:37:37.909000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-20284 | date: | 2024-04-25T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-20284 | date: | 2024-04-18T00:00:00 |