CVE-2022-22144

A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...

Hardcoded credentials

A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...

CVE-2022-22144

CVE-2022-22144 affects the TCL LinkHub Mesh Wi‑Fi MS1G_00_01.00_14. During boot, libcommonprod’s prod_change_root_passwd is invoked unconditionally, forcing the root password to the value “tcl-wifi” and enabling full root access without any user action. Talos confirms the vulnerability details an...

TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability

Talos Vulnerability Report TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prodchangerootpasswd hard-coded password vulnerability August 1, 2022 CVE Number CVE-2022-22144 SUMMARY A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL...