Details of VAR-202202-0236

ID

VAR-202202-0236

CVE

CVE-2022-24354

TITLE

TP-Link AC1750 Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-21169 // CNNVD: CNNVD-202202-1109

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835. TP-LINK Technologies of AC 1750 An integer overflow vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tp-link AC1750 is a wireless router from Tp-link company in China

Trust: 2.88

sources: NVD: CVE-2022-24354 // JVNDB: JVNDB-2022-006207 // ZDI: ZDI-22-264 // CNVD: CNVD-2022-21169 // VULMON: CVE-2022-24354

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-21169

AFFECTED PRODUCTS

vendor:	tp link	model:	ac1750	scope:	lt	version:	211210	Trust: 1.6
vendor:	tp link	model:	ac 1750	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	ac 1750	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	ac 1750	scope:	eq	version:	ac 1750 firmware 211210	Trust: 0.8
vendor:	tp link	model:	ac1750	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-264 // CNVD: CNVD-2022-21169 // JVNDB: JVNDB-2022-006207 // NVD: CVE-2022-24354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24354
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2022-24354
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-24354
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-24354
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2022-21169
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202202-1109
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-24354
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-24354
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-21169
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2022-24354
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2022-24354
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2022-24354
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-264 // CNVD: CNVD-2022-21169 // VULMON: CVE-2022-24354 // JVNDB: JVNDB-2022-006207 // CNNVD: CNNVD-202202-1109 // NVD: CVE-2022-24354 // NVD: CVE-2022-24354

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006207 // NVD: CVE-2022-24354

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202202-1109

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202202-1109

PATCH

title:	Patch for TP-Link AC1750 Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/325831	Trust: 0.6
title:	Tp-link AC1750 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182998	Trust: 0.6
title:	zenith	url:	https://github.com/0vercl0k/zenith	Trust: 0.1
title:	-	url:	https://github.com/khanhdz191/linux-kernel-exploitation	Trust: 0.1

sources: CNVD: CNVD-2022-21169 // VULMON: CVE-2022-24354 // CNNVD: CNNVD-202202-1109

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24354	Trust: 4.6
db:	ZDI	id:	ZDI-22-264	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-006207	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-15835	Trust: 0.7
db:	CNVD	id:	CNVD-2022-21169	Trust: 0.6
db:	CS-HELP	id:	SB2022021403	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-1109	Trust: 0.6
db:	VULMON	id:	CVE-2022-24354	Trust: 0.1

sources: ZDI: ZDI-22-264 // CNVD: CNVD-2022-21169 // VULMON: CVE-2022-24354 // JVNDB: JVNDB-2022-006207 // CNNVD: CNNVD-202202-1109 // NVD: CVE-2022-24354

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-22-264/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24354	Trust: 2.0
url:	https://cxsecurity.com/cveshow/cve-2022-24354/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021403	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://github.com/0vercl0k/zenith	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-21169 // VULMON: CVE-2022-24354 // JVNDB: JVNDB-2022-006207 // CNNVD: CNNVD-202202-1109 // NVD: CVE-2022-24354

CREDITS

Axel '0vercl0k' Souchet from https://doar-e.github.io/

Trust: 0.7

sources: ZDI: ZDI-22-264

SOURCES

db:	ZDI	id:	ZDI-22-264
db:	CNVD	id:	CNVD-2022-21169
db:	VULMON	id:	CVE-2022-24354
db:	JVNDB	id:	JVNDB-2022-006207
db:	CNNVD	id:	CNNVD-202202-1109
db:	NVD	id:	CVE-2022-24354

LAST UPDATE DATE

2024-11-23T22:04:59.586000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-264	date:	2022-02-10T00:00:00
db:	CNVD	id:	CNVD-2022-21169	date:	2022-03-21T00:00:00
db:	VULMON	id:	CVE-2022-24354	date:	2022-02-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-006207	date:	2023-07-03T08:37:00
db:	CNNVD	id:	CNNVD-202202-1109	date:	2022-03-01T00:00:00
db:	NVD	id:	CVE-2022-24354	date:	2024-11-21T06:50:14.287

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-264	date:	2022-02-10T00:00:00
db:	CNVD	id:	CNVD-2022-21169	date:	2022-03-16T00:00:00
db:	VULMON	id:	CVE-2022-24354	date:	2022-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-006207	date:	2023-07-03T00:00:00
db:	CNNVD	id:	CNNVD-202202-1109	date:	2022-02-14T00:00:00
db:	NVD	id:	CVE-2022-24354	date:	2022-02-18T20:15:18.600