CVE-2022-24352

Name of the Vulnerable Software and Affected Versions TP-Link AC1750 versions prior to 211210

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the NetUSB.ko kernel module, resulting from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this issue to execute code in the context of root.

Recommendations For TP-Link AC1750 versions prior to 211210, update to a version 211210 or later to resolve the issue. As a temporary workaround, consider disabling the NetUSB.ko kernel module until a patch is available. Restrict access to the router to minimize the risk of exploitation. Avoid using the router until the issue is resolved.