PT-2022-16334 · Tcl · Tcl Linkhub Mesh Wifi Ms1G 00 01.00 14

Carl Hurd

Published

2022-08-05

Updated

2022-08-08

CVE-2022-23918

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TCL LinkHub Mesh Wifi MS1G 00 01.00 14

Description A stack-based buffer overflow issue exists in the confsrv set mf rule functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. The vulnerability exploits the ethAddr field within the protobuf message to cause the buffer overflow. An attacker can send a malicious packet to trigger this issue.

Recommendations For TCL LinkHub Mesh Wifi MS1G 00 01.00 14, consider disabling the set mf rule functionality in the confsrv as a temporary workaround until a patch is available. Restrict access to the ethAddr field within the protobuf message to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2022-23918

Affected Products

Tcl Linkhub Mesh Wifi Ms1G 00 01.00 14

PT-2022-16334 · Tcl · Tcl Linkhub Mesh Wifi Ms1G 00 01.00 14

CVE-2022-23918

Weakness Enumeration

Related Identifiers

Affected Products

References · 4