High

Analysis Summary

CVE-2023-49910 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the 'ssid' parameter at offset '0x42247c', a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-48724 CVSS:7.4

TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point is vulnerable to a denial of service, caused by memory corruption. By sending a specially crafted HTTP POST request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-49912 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the at the 'profile' parameter at offset '0x4224b0' of the 'httpd' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-49911 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with 'band' parameter at offset '0x422420' of the 'httpd' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-49074 CVSS:7.4

TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point is vulnerable to a denial of service, caused by exposed dangerous method or function. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to reset to factory settings, and results in a denial of service condition.

CVE-2023-49913 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the at the 'action' parameter at offset '0x422448' of the 'httpd' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-49907 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the at the 'band' parameter at offset '0x0045aad8' of the 'httpd_portal' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-49909 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the 'action' parameter at offset '0x0045ab38' of the 'httpd_portal' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-49908 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the at the 'profile' parameter at offset '0x0045abc8' of the 'httpd_portal' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2023-49906 CVSS:7.2

TP-Link AC1350 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the web interface Radio Scheduling functionality. By sending a specially crafted request with the 'ssid' parameter at offset '0x0045ab7c' of the 'httpd_portal' binary, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.