How severe is CVE-2023-49907?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-49907?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2023-49907 - HIGH Severity | CVSS 7.2

Vulnerability Description

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

Related Vulnerabilities

CVE-2019-10193

HIGH

CVSS:7.2(High)

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRAN...

CWE-1212019

CVE-2019-15695

HIGH

CVSS:7.2(High)

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFor...

CWE-1212019

CVE-2020-1990

HIGH

CVSS:7.2(High)

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root ...

CWE-1212020

CVE-2020-2027

HIGH

CVSS:7.2(High)

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root ...

CWE-1212020

CVE-2020-2042

HIGH

CVSS:7.2(High)

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This...

CWE-1212020

CVE-2021-1159

HIGH

CVSS:7.2(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code...

CWE-1212021