CVE-2022-24354

Name of the Vulnerable Software and Affected Versions TP-Link AC1750 versions prior to 1.1.4 Build 20211022 rel.59103(5553)

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 routers. Authentication is not required to exploit this issue. The specific flaw exists within the NetUSB.ko module, resulting from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this issue to execute code in the context of root.

Recommendations For versions prior to 1.1.4 Build 20211022 rel.59103(5553), consider updating to a version that includes the fix for this issue. As a temporary workaround, consider disabling the NetUSB.ko module until a patch is available. Restrict access to the router to minimize the risk of exploitation.