April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
December 27, 2023Rewterz Threat Advisory – ICS: Multiple Schneider Electric Trio Ethernet Data Radio Products Vulnerabilities
December 27, 2023Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
December 27, 2023Rewterz Threat Advisory – ICS: Multiple Schneider Electric Trio Ethernet Data Radio Products Vulnerabilities
December 27, 2023
Severity
Medium
Analysis Summary
CVE-2023-50224 CVSS:6.5
TP-Link TL-WR841N devices could allow a remote attacker to obtain sensitive information, caused by a flaw in the httpd service. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVE-2023-50225 CVSS:6.8
TP-Link TL-WR902AC is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the libcmm.so module. By sending a specially crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code in the context of root.
Impact
- Information Disclosure
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2023-50224
- CVE-2023-50225
Affected Vendors
TP-Link
Affected Products
- TP-Link TL-WR841N
- TP-Link TL-WR902AC
Remediation
Refer to TP-Link Website for patch, upgrade, or suggested workaround information.
