PT-2022-16335 · Tcl · Tcl Linkhub Mesh Wifi Ms1G
Carl Hurd
·
Published
2022-08-05
·
Updated
2022-08-08
·
CVE-2022-23919
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TCL LinkHub Mesh Wifi MS1G 00 01.00 14
Description
A stack-based buffer overflow issue exists in the confsrv set mf rule functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. An attacker can exploit this by sending a malicious packet. The vulnerability uses the
name field within the protobuf message to cause the buffer overflow.Recommendations
For TCL LinkHub Mesh Wifi MS1G 00 01.00 14, consider disabling the confsrv set mf rule functionality until a patch is available to prevent exploitation. Restrict access to the network to minimize the risk of receiving malicious packets. Avoid using the
name field within the protobuf message in the affected functionality until the issue is resolved.Exploit
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tcl Linkhub Mesh Wifi Ms1G