CVE-2022-24011

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tcl:linkhub_mesh_wifi_ac1200:ms1g_00_01.00_14:*:*:*:*:*:*:*

cpe:2.3:h:tcl:linkhub_mesh_wifi_ac1200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-05 22:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-24011

Mitre link : CVE-2022-24011

CVE.ORG link : CVE-2022-24011

JSON object : View

Products Affected

tcl

linkhub_mesh_wifi_ac1200

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-24011", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-05T22:15:09.837", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad GetValue de TCL LinkHub Mesh Wi-Fi versi\u00f3n MS1G_00_01.00_14. Un valor de configuraci\u00f3n especialmente dise\u00f1ado puede conllevar a un desbordamiento del b\u00fafer. Un atacante puede modificar un valor de configuraci\u00f3n para desencadenar esta vulnerabilidad. Esta vulnerabilidad representa todas las ocurrencias de la vulnerabilidad de desbordamiento de b\u00fafer dentro del binario device_list"}], "lastModified": "2022-08-09T19:28:24.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tcl:linkhub_mesh_wifi_ac1200:ms1g_00_01.00_14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6D965B0-44C0-42B3-A470-58101F9DE79B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tcl:linkhub_mesh_wifi_ac1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20F8B735-8074-45BD-A319-9EE6D201C3C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}