Carl Hurd

**Name of the Vulnerable Software and Affected Versions** libigl version 2.4.0 **Description** The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerability exists within the code responsible for parsing comments within the geometric vertices section of an OFF file. **Recommendations** For libigl version 2.4.0, consider avoiding the use of the readOFF.cpp functionality until a patch is available. As a temporary workaround, restrict the parsing of comments within the geometric vertices section of OFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libigl version 2.5.0 **Description** An out-of-bounds write issue exists in the PlyFile `ply cast ascii` functionality. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this issue. **Recommendations** For libigl version 2.5.0, consider avoiding the use of the `ply cast ascii` functionality in the PlyFile until a patch is available. As a temporary workaround, restrict the handling of .ply files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libigl version 2.4.0 **Description** The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerable code is responsible for parsing comments within the geometric faces section of an OFF file. **Recommendations** For libigl version 2.4.0, consider disabling the readOFF.cpp functionality until a patch is available to prevent potential exploitation. Restrict access to .off files from untrusted sources to minimize the risk of triggering the buffer overflow vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** libigl version 2.4.0 **Description** The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerabilities exist within the code responsible for parsing the header of an OFF file. **Recommendations** For libigl version 2.4.0, consider disabling the readOFF.cpp functionality until a patch is available to prevent potential exploitation. Restrict access to .off files to minimize the risk of triggering the buffer overflow vulnerabilities. Avoid using the readOFF.cpp functionality to parse .off files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libigl version 2.4.0 **Description** The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerabilities exist within the code responsible for parsing geometric faces of an OFF file. **Recommendations** For libigl version 2.4.0, consider disabling the readOFF.cpp functionality until a patch is available to prevent potential exploitation. Restrict access to .off files to minimize the risk of triggering the buffer overflow vulnerabilities. Avoid using the readOFF.cpp functionality to parse geometric faces of an OFF file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libigl version 2.4.0 **Description** The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerabilities exist within the code responsible for parsing geometric vertices of an OFF file. **Recommendations** For libigl version 2.4.0, consider disabling the readOFF.cpp functionality until a patch is available to prevent potential exploitation. Restrict access to parsing geometric vertices of OFF files to minimize the risk of arbitrary code execution. Avoid using specially-crafted .off files that can lead to buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WellinTech KingHistorian version 35.01.00.05 **Description** An information disclosure issue exists in the User authentication functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this issue. **Recommendations** For WellinTech KingHistorian version 35.01.00.05, consider restricting access to the network to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the User authentication functionality to reduce the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WellinTech KingHistorian version 35.01.00.05 **Description** The issue is related to an integer conversion vulnerability in the SORBAx64.dll library, specifically in the RecvPacket functionality. This vulnerability can be exploited by sending a specially crafted network packet, potentially leading to a buffer overflow. An attacker could use this vulnerability to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For WellinTech KingHistorian version 35.01.00.05, consider disabling the RecvPacket functionality in the SORBAx64.dll library as a temporary workaround until a patch is available. Restrict access to the vulnerable library to minimize the risk of exploitation. Avoid using the vulnerable RecvPacket functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This issue affects the network check binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider restricting access to the GetValue functionality until a patch is available. Avoid using specially-crafted configuration values in the affected network check binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A stack-based buffer overflow issue exists in the `ucloud add node new` functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. An attacker can exploit this by sending a malicious packet. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the `ucloud add node new` functionality until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This issue affects the gpio ctrl binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider restricting access to the GetValue functionality until a patch is available. Avoid using specially-crafted configuration values in the affected binary. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This issue affects the fota binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the GetValue functionality until a patch is available. Restrict access to the fota binary to minimize the risk of exploitation. Avoid using specially-crafted configuration values in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This issue affects the mesh status check binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the GetValue functionality until a patch is available to prevent exploitation of the buffer overflow vulnerability. Restrict access to the mesh status check binary to minimize the risk of exploitation. Avoid using specially-crafted configuration values in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow vulnerability exists in the `GetValue` functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This issue represents all occurrences of the buffer overflow vulnerability within the multiWAN binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider restricting access to the `GetValue` functionality until a patch is available. Avoid using specially-crafted configuration values in the affected binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability, which represents all occurrences of the buffer overflow vulnerability within the online process binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider restricting access to the GetValue functionality until a patch is available. Avoid using specially-crafted configuration values in the affected binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A hard-coded password vulnerability exists in the libcommonprod.so `prod change root passwd` functionality. This functionality is called during system startup, resulting in a known root password. An attacker does not need to take any action to trigger this issue. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the `prod change root passwd` functionality in the libcommonprod.so library until a patch is available. Restrict access to the root account to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A stack-based buffer overflow issue exists in the confsrv confctl set app language functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. An attacker can exploit this by sending a malicious packet. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider disabling the confctl set app language functionality until a patch is available. Restrict access to the confsrv to minimize the risk of exploitation. Avoid using the confsrv functionality in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow issue exists in the GetValue functionality. This can be triggered by a specially-crafted configuration value, leading to a buffer overflow. An attacker can modify a configuration value to exploit this issue. The vulnerability is related to the confsrv binary. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider restricting access to the GetValue functionality until a patch is available. As a temporary workaround, avoid using specially-crafted configuration values that can trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 **Description** A buffer overflow issue exists in the GetValue functionality. This can be triggered by a specially-crafted configuration value, leading to a buffer overflow. An attacker can exploit this by modifying a configuration value. **Recommendations** For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider restricting access to the GetValue functionality until a patch is available. As a temporary workaround, avoid using specially-crafted configuration values that can trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL LinkHub Mesh Wifi MS1G 00 01.00 14 **Description** A stack-based buffer overflow issue exists in the confsrv set mf rule functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. The vulnerability exploits the `ethAddr` field within the protobuf message to cause the buffer overflow. An attacker can send a malicious packet to trigger this issue. **Recommendations** For TCL LinkHub Mesh Wifi MS1G 00 01.00 14, consider disabling the set mf rule functionality in the confsrv as a temporary workaround until a patch is available. Restrict access to the ethAddr field within the protobuf message to minimize the risk of exploitation.