PT-2022-15845 · Tcl · Tcl Linkhub Mesh Wi-Fi
Carl Hurd
·
Published
2022-08-05
·
Updated
2022-08-08
·
CVE-2022-23103
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14
Description
A stack-based buffer overflow issue exists in the confsrv confctl set app language functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. An attacker can exploit this by sending a malicious packet.
Recommendations
For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider disabling the confctl set app language functionality until a patch is available. Restrict access to the confsrv to minimize the risk of exploitation. Avoid using the confsrv functionality in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tcl Linkhub Mesh Wi-Fi