CVE-2022-24017

Name of the Vulnerable Software and Affected Versions TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14

Description The issue is related to a buffer overflow vulnerability in the GetValue functionality of the TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, specifically within the miniupnpd binary. This vulnerability can be triggered by a specially-crafted configuration value, allowing an attacker to modify the configuration and potentially execute arbitrary code. The vulnerability is exploitable remotely.

Recommendations For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, as a temporary workaround, consider restricting access to the miniupnpd binary until a patch is available. Avoid using specially-crafted configuration values that can trigger the buffer overflow vulnerability in the GetValue functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.