Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi Device
CVE-2022-24005

9.6CRITICAL

Key Information:

Vendor

Tcl

Status
Linkhub Mesh Wifi
Vendor
CVE Published:
5 August 2022

What is CVE-2022-24005?

A buffer overflow vulnerability exists in the GetValue functionality of the TCL LinkHub Mesh Wi-Fi device. By supplying a specially-crafted configuration value, an attacker can manipulate the device's normal operation, leading to potential exploitation. This issue is present across all occurrences of buffer overflow vulnerabilities within the ap_steer binary, posing significant risks to network integrity.

Affected Version(s)

LinkHub Mesh Wifi MS1G_00_01.00_14

References

https://talosintelligence.com/vulnerability_reports/TALOS...
x_refsource_MISC

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

CVSS V3.0

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.