What is CVE-2023-50225?

CVE-2023-50225 is a medium-severity vulnerability in Tp-link Tl-wr902ac, classified under Stack-based Buffer Overflow. CVSS score: 6.8/10. Published 2024-05-03.

How severe is CVE-2023-50225?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Buffer overflow in Tp-link Tl-wr902ac

CVE-2023-50225

TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Aut…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (75.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tp-link Tl-wr902ac — versions 0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

ZDI-23-1809 (x_research-advisory)
vendor-provided URL (vendor-advisory)

Frequently asked questions

What is CVE-2023-50225?: CVE-2023-50225 is a medium-severity vulnerability in Tp-link Tl-wr902ac, classified under Stack-based Buffer Overflow. CVSS score: 6.8/10. Published 2024-05-03.
How severe is CVE-2023-50225?: Medium severity. CVSS v3 base score is 6.8 out of 10.