PT-2022-16420 · Tcl · Tcl Linkhub Mesh Wi-Fi
Carl Hurd
·
Published
2022-08-05
·
Updated
2022-08-09
·
CVE-2022-24023
CVSS v3.1
9.6
Critical
| Vector | AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14
Description
A buffer overflow issue exists in the GetValue functionality. This can be triggered by a specially-crafted configuration value, allowing an attacker to modify the configuration and cause a buffer overflow. The issue is related to the pppd binary.
Recommendations
For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the GetValue functionality until a patch is available to prevent exploitation of the buffer overflow issue. Restrict access to configuration values to minimize the risk of an attacker modifying them to trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tcl Linkhub Mesh Wi-Fi