PT-2022-15272 · Tcl · Tcl Linkhub Mesh Wi-Fi
Carl Hurd · Published 2022-08-05 · Updated 2022-08-08
CVE-2022-22144
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14
Description
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality. This functionality is called during system startup, resulting in a known root password. An attacker does not need to take any action to trigger this issue.
Recommendations
For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the prod_change_root_passwd functionality in the libcommonprod.so library until a patch is available. Restrict access to the root account to minimize the risk of exploitation.
Exploit
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Tcl Linkhub Mesh Wi-Fi