What is CVE-2022-24354?

A high-severity vulnerability in TP-Link AC1750 routers allows network-adjacent attackers to execute arbitrary code without authentication. Immediate action is essential to mitigate risks.

What is the severity of CVE-2022-24354?

CVE-2022-24354 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2022-24354 | High Vulnerability in TP-Link AC1750 Router

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835.

With a CVSS score of 8.8, this vulnerability is classified as high severity. Its implications are significant, as it allows attackers to gain complete control over affected devices without needing any form of authentication. Given the prevalence of TP-Link routers in both home and enterprise environments, this vulnerability poses a serious risk.

Risk to organizations includes potential unauthorized access to sensitive information, system manipulation, and network compromise. Organizations should prioritize patching immediately to mitigate these risks.

As of now, public exploits have been confirmed, and there is evidence of a proof-of-concept available on GitHub. Defenders are encouraged to monitor for any signs of exploitation and take necessary precautions.

Vulnerability Details

The vulnerability affects the TP-Link AC1750 router, specifically versions prior to 1.1.4 Build 20211022 rel.59103(5553). It is classified under CWE-190 due to the integer overflow issue resulting from inadequate validation of user-supplied data.

Officially published on February 18, 2022, this vulnerability has been categorized under the CVSS 3.1 scoring system with a base score of 8.8, indicating high severity. The attack vector is adjacent network, with low complexity and no privileges required.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of user-supplied data, leading to an integer overflow in the NetUSB.ko module. This allows an attacker to execute arbitrary code with root privileges.

The attack vector is adjacent network access, meaning that attackers must be on the same local network as the target device. The complexity of the attack is low, requiring no special privileges or user interaction. The impact on confidentiality, integrity, and availability is high, making this a critical vulnerability.

Risk & Impact Analysis

Organizations deploying affected versions of the TP-Link AC1750 router face significant risks. The potential for unauthorized code execution can lead to full control over the device, allowing attackers to manipulate network traffic, intercept sensitive data, and disrupt services.

This vulnerability could have a wide blast radius, affecting all users on the network and potentially allowing lateral movement to other connected devices. Organizations should assess their exposure and prioritize remediation efforts.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to 1.1.4 Build 20211022 rel.59103(5553) are affected. Users should verify their firmware version and upgrade to the latest version to mitigate this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, users should immediately upgrade their TP-Link AC1750 firmware to version 1.1.4 Build 20211022 rel.59103(5553) or later. For organizations unable to update immediately, consider implementing network segmentation to limit access to affected devices.

Additionally, organizations should monitor network traffic for unusual activity and ensure proper firewall rules are in place.

For more information on security testing practices, organizations may refer to our penetration testing services.

Detection Guidance

Monitor logs for any signs of unauthorized access or code execution attempts. Behavioral anomalies, such as unexpected device reboots or unusual traffic patterns, should also be investigated.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to be exploited in various attack scenarios. Security teams should be aware of the implications of integer overflow vulnerabilities and ensure that similar weaknesses are not present in their systems.

This incident illustrates the importance of proper input validation and the need for regular firmware updates. Organizations can learn from this vulnerability to strengthen their cybersecurity posture.

For further reading on vulnerability management, consider reviewing our article on vulnerability management programs to enhance your security strategies.

Lastly, organizations should remain vigilant and proactive in their security measures to avoid falling victim to similar vulnerabilities in the future.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-24354: High Vulnerability in TP-Link AC1750 Router