PT-2022-4680 · Tcl · Tcl Linkhub Mesh Wi-Fi Ac1200+1
Carl Hurd
·
Published
2022-08-05
·
Updated
2022-08-08
·
CVE-2022-24008
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TCL LinkHub Mesh Wi-Fi AC1200 versions prior to the fixed version
TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14
Description
The issue is related to a buffer overflow vulnerability in the GetValue function of the LinkHub Mesh Wi-Fi microprogram, which occurs when processing the confcli file without checking the size of the input data. This vulnerability can be exploited by a remote attacker to execute arbitrary code. A specially-crafted configuration value can lead to a buffer overflow.
Recommendations
For TCL LinkHub Mesh Wi-Fi AC1200, update to a version that fixes the buffer overflow vulnerability in the GetValue function.
For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, modify configuration values to avoid triggering the buffer overflow vulnerability until a patch is available.
As a temporary workaround, consider restricting access to the confcli binary to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tcl Linkhub Mesh Wi-Fi Ac1200
Tcl Linkhub Mesh Wifi Ms1G 00 01.00 14