2 matches found
CVE-2022-21178
An os command injection vulnerability exists in the confsrv ucloudaddnewnode functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2022-21178
CVE-2022-21178 affects TCL LinkHub Mesh Wifi MS1G_00_01.00_14. The Talos analysis shows a command-injection in the confsrv/ucloud_add_new_node path. A Protobuffer message is sent to port 9003, parsed by ucloud_add_node_new, and the code builds a command using data from the packet (pkt->serialN...