CVE-2022-25996

A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-22140

An os command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-23103

A stack-based buffer overflow vulnerability exists in the confsrv confctlsetapplanguage functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Stack overflow

A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability...

Buffer overflow

A buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Stack overflow

A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-26342

Summary: CVE-2022-26342 applies to TCL LinkHub Mesh Wi‑Fi, specifically the MSP LinkHub Mesh node software. Talos documents a buffer overflow in the confsrv ucloud_set_node_location handler. The vulnerability arises from a dangerous strcpy in the path that handles the NodeLocation message (via pr...

CVE-2022-24009

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all...

CVE-2022-23399

A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-22140

CVE-2022-22140 is a confirmed OS command injection affecting TCL LinkHub Mesh Wi‑Fi MS1G_00_01.00_14. The vulnerability occurs in confsrv ucloud_add_node, where ProtoBuffer data is parsed and the serialNum field is passed directly to doSystemCmd, resulting in arbitrary command execution via syste...

CVE-2022-21178

CVE-2022-21178 affects TCL LinkHub Mesh Wifi MS1G_00_01.00_14. The Talos analysis shows a command-injection in the confsrv/ucloud_add_new_node path. A Protobuffer message is sent to port 9003, parsed by ucloud_add_node_new, and the code builds a command using data from the packet (pkt->serialN...

PT-2022-15845 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A stack-based buffer overflow issue exists in the confsrv confctl set app language functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffe...

PT-2022-15269 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: An os command injection issue exists in the confsrv ucloud add node functionality. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicio...

TCL LinkHub Mesh Wi-Fi Buffer Overflow Vulnerability

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation.A buffer overflow vulnerability exists in TCL LinkHub Mesh Wi-Fi, which stems from a lack of proper validation of user-supplied data in the confsrv ucloudsetnodelocation function, and could be exploited by an attacker to execute arbitrary co...

TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv setportfwdrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23399 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wif...

TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1503 TCL LinkHub Mesh Wifi confctlgetguestwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27633 SUMMARY An information disclosure vulnerability exists in the confctlgetguestwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014...

TCL LinkHub Mesh Wi-Fi 操作系统命令注入漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation.TCL LinkHub Mesh Wi-Fi is vulnerable to an operating system command injection vulnerability that originates in the confsrv ucloudaddnode function and can be exploited by attackers to cause arbitrary command execution...