CVE-2023-28478

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 12, 2023
Updated: Jan 6, 2025
CWE ID 787

Summary

CVE-2023-28478 is a buffer overflow vulnerability affecting TP-Link EC-70 devices up to version 2.3.4 Build 20220902. The issue arises when input data exceeds the intended size of a buffer, so that the excess data is written into an adjacent memory location (an out-of-bounds write, CWE-787). An attacker could exploit this vulnerability by sending specially crafted data to the device, potentially leading to unintended execution of code and causing a denial-of-service condition or, worse, full compromise of the device. Users are advised to update their TP-Link EC-70 devices to the latest available firmware to mitigate this risk.
