CVE-2022-24022

Name of the Vulnerable Software and Affected Versions TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14

Description A buffer overflow vulnerability exists in the GetValue functionality of the TCL LinkHub Mesh Wi-Fi, related to the copying of a buffer without checking the size of the input data when processing the pann file. This vulnerability can be exploited by a remote attacker to execute arbitrary code. The issue arises when a specially-crafted configuration value leads to a buffer overflow, which can be triggered by modifying a configuration value.

Recommendations For TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14, consider disabling the GetValue functionality until a patch is available to prevent potential exploitation. Restrict access to the configuration values to minimize the risk of triggering the buffer overflow. Avoid using specially-crafted configuration values in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.