EUVD-2022-28943

Malicious code in bioql PyPI...

Hardcoded credentials

A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...

Buffer overflow

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all...

CVE-2022-22144

A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...

CVE-2022-22144

CVE-2022-22144 affects the TCL LinkHub Mesh Wi‑Fi MS1G_00_01.00_14. During boot, libcommonprod’s prod_change_root_passwd is invoked unconditionally, forcing the root password to the value “tcl-wifi” and enabling full root access without any user action. Talos confirms the vulnerability details an...

TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability

Talos Vulnerability Report TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prodchangerootpasswd hard-coded password vulnerability August 1, 2022 CVE Number CVE-2022-22144 SUMMARY A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL...