What is CVE-2022-24355?

A high-severity vulnerability exists in TP-Link TL-WR940N firmware, allowing network-adjacent attackers to execute arbitrary code without authentication. Organizations should prioritize patching to protect against potential exploits.

What is the severity of CVE-2022-24355?

CVE-2022-24355 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2022-24355 | High Vulnerability in TP-Link TL-WR940N Firmware

CVE-2022-24355 is a high-severity vulnerability affecting the TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations without requiring authentication. The specific flaw lies in the parsing of file name extensions, resulting from insufficient validation of user-supplied data length before copying it to a fixed-length stack-based buffer. An attacker may exploit this vulnerability to execute code in the context of root.

With a CVSS score of 8.8, this vulnerability is classified as high severity. The implications of this vulnerability are significant, as it can lead to unauthorized access and control over the affected devices, potentially compromising the confidentiality, integrity, and availability of network resources.

Organizations should prioritize patching this vulnerability immediately to mitigate risks associated with potential exploitation. The lack of authentication required to exploit this vulnerability increases the urgency for defenders to address it.

No public exploit has been confirmed for this vulnerability, and it is not listed in the Known Exploited Vulnerabilities (KEV) catalog. However, given the nature of the flaw, organizations should remain vigilant and monitor for any emerging threats related to CVE-2022-24355.

Vulnerability Details

The vulnerability described in CVE-2022-24355 is characterized by its ability to permit arbitrary code execution by attackers with network adjacency. The vulnerability's root cause is the improper validation of user inputs, particularly the length of file name extensions, which leads to buffer overflow conditions.

The CVSS 3.1 vector string for this vulnerability is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that it has a low attack complexity and does not require any privileges or user interactions. The potential impacts on confidentiality, integrity, and availability are all rated as high.

The vulnerability affects the TP-Link TL-WR940N firmware, specifically in versions prior to the vendor patch. It has been assigned CWE classifications CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), highlighting the nature of the vulnerability.

Technical Analysis

The root cause of CVE-2022-24355 stems from improper handling of file name extensions during parsing. Specifically, the system does not adequately verify the length of user-supplied data before it is stored in a fixed-length stack-based buffer. This lack of validation creates a situation where an attacker can exploit the buffer overflow to inject and execute arbitrary code.

The attack vector is classified as adjacent network, meaning that an attacker must be on the same local network as the target device. The attack complexity is low, making it accessible for attackers with minimal skills. Importantly, no privileges are needed to exploit this vulnerability, and user interaction is not required.

The impacts of a successful attack include high confidentiality, integrity, and availability impacts, as the arbitrary code execution could lead to complete control over the affected devices.

Risk & Impact Analysis

Real-world risks associated with CVE-2022-24355 are significant, particularly for organizations relying on the TP-Link TL-WR940N routers. Given that authentication is not required for exploitation, the vulnerability poses a substantial threat to network security.

Organizations need to understand that the potential blast radius could affect multiple devices connected to the same network, leading to unauthorized access and control over sensitive data and resources. The urgency is underscored by the high CVSS score of 8.8, indicating that immediate action is necessary to mitigate potential exploitations.

Organizations should be aware that this vulnerability is not currently listed in the KEV catalog, but the lack of a KEV designation does not diminish the importance of addressing it promptly. Continuous monitoring for any emerging threats related to this vulnerability is crucial for maintaining network integrity.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of the TP-Link TL-WR940N firmware prior to any vendor patch. Organizations using these devices should ensure they are aware of their version status and apply any available updates.

Mitigation & Remediation

Organizations should prioritize patching to remediate CVE-2022-24355. It is recommended to upgrade to the latest firmware version released by TP-Link. In scenarios where the patch is not immediately available, consider implementing network controls to limit access to affected devices and reduce exposure to potential attacks.

Additionally, organizations may benefit from conducting regular security assessments, including penetration testing, to identify and address vulnerabilities within their network infrastructure.

Detection Guidance

To effectively monitor for potential exploitation of CVE-2022-24355, organizations should establish log indicators focusing on unusual network traffic patterns originating from local network segments. Behavioral anomalies, such as unexpected device restarts or unusual application behavior, may also signal attempts to exploit this vulnerability.

Additionally, organizations should consider implementing network signatures that can detect attempts to exploit the flaw and ensure that system changes are logged for further investigation.

AppSecure Threat Intelligence Insight

CVE-2022-24355 highlights the ongoing issue of vulnerabilities in widely used consumer products like routers. As devices become increasingly integral to network infrastructure, the implications of such vulnerabilities extend beyond individual devices to encompass broader network security. Organizations should learn from this incident and prioritize rigorous security in their device management practices.

To bolster defenses, consider implementing a comprehensive vulnerability management program that incorporates regular updates and security assessments.

For organizations leveraging cloud infrastructure, exploring cloud security assessment strategies can also be beneficial in mitigating risks associated with vulnerabilities like CVE-2022-24355.

Finally, integrating insights from security assessments with incident response strategies can enhance organizational resilience against emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-24355: High Vulnerability in TP-Link TL-WR940N Firmware