CVE-2022-25996

A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-22140

An os command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-23103

A stack-based buffer overflow vulnerability exists in the confsrv confctlsetapplanguage functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Buffer overflow

A buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Stack overflow

A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Stack overflow

A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability...

CVE-2022-26342

Summary: CVE-2022-26342 applies to TCL LinkHub Mesh Wi‑Fi, specifically the MSP LinkHub Mesh node software. Talos documents a buffer overflow in the confsrv ucloud_set_node_location handler. The vulnerability arises from a dangerous strcpy in the path that handles the NodeLocation message (via pr...

CVE-2022-24009

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all...

CVE-2022-23399

A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-22140

CVE-2022-22140 is a confirmed OS command injection affecting TCL LinkHub Mesh Wi‑Fi MS1G_00_01.00_14. The vulnerability occurs in confsrv ucloud_add_node, where ProtoBuffer data is parsed and the serialNum field is passed directly to doSystemCmd, resulting in arbitrary command execution via syste...

CVE-2022-21178

CVE-2022-21178 affects TCL LinkHub Mesh Wifi MS1G_00_01.00_14. The Talos analysis shows a command-injection in the confsrv/ucloud_add_new_node path. A Protobuffer message is sent to port 9003, parsed by ucloud_add_node_new, and the code builds a command using data from the packet (pkt->serialN...

PT-2022-15845 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A stack-based buffer overflow issue exists in the confsrv confctl set app language functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffe...

PT-2022-15269 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: An os command injection issue exists in the confsrv ucloud add node functionality. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicio...

TCL LinkHub Mesh Wi-Fi Buffer Overflow Vulnerability

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation.A buffer overflow vulnerability exists in TCL LinkHub Mesh Wi-Fi, which stems from a lack of proper validation of user-supplied data in the confsrv ucloudsetnodelocation function, and could be exploited by an attacker to execute arbitrary co...

TCL LinkHub Mesh Wi-Fi 操作系统命令注入漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation.TCL LinkHub Mesh Wi-Fi is vulnerable to an operating system command injection vulnerability that originates in the confsrv ucloudaddnode function and can be exploited by attackers to cause arbitrary command execution...

TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1503 TCL LinkHub Mesh Wifi confctlgetguestwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27633 SUMMARY An information disclosure vulnerability exists in the confctlgetguestwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014...

TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv setportfwdrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23399 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wif...