PT-2022-16422 · Tcl · Tcl Linkhub Mesh Wi-Fi
Carl Hurd
·
Published
2022-08-05
·
Updated
2022-08-09
·
CVE-2022-24025
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14
Description
A buffer overflow issue exists in the GetValue functionality. This can be triggered by a specially-crafted configuration value, allowing an attacker to modify the configuration and cause a buffer overflow. The issue affects the sntp binary.
Recommendations
For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the GetValue functionality until a patch is available to prevent exploitation of the buffer overflow. Restrict access to configuration values to minimize the risk of an attacker modifying them to trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tcl Linkhub Mesh Wi-Fi