CVE-2022-24015

Name of the Vulnerable Software and Affected Versions TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14

Description The issue is related to a buffer overflow vulnerability in the GetValue functionality of the software, which occurs when handling the log upload file without proper input size validation. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability can be triggered by modifying a specially-crafted configuration value, leading to a buffer overflow within the log upload binary.

Recommendations For version 01.00 14, consider disabling the GetValue functionality until a patch is available to prevent potential exploitation. Restrict access to the log upload binary to minimize the risk of exploitation. Avoid using specially-crafted configuration values that can trigger the buffer overflow vulnerability.