SB2022080313 - Multiple vulnerabilities in TCL LinkHub Mesh Wifi
Published: August 3, 2022 Updated: August 4, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 42 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2022-27660)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the confctl_set_guest_wlan functionality. A remote attacker on the local network can bypass implemented security restrictions and perform a denial of service (DoS) attack.
2) Improper access control (CVE-ID: CVE-2022-26346)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the ucloud_del_node functionality. A remote attacker can bypass implemented security restrictions and perform a denial of service (DoS) attack.
3) Improper access control (CVE-ID: CVE-2022-27178)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the confctl_set_wan_cfg functionality. A remote attacker on the local network can bypass implemented security restrictions and gain unauthorized access to the application.
4) Information disclosure (CVE-ID: CVE-2022-27633)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the confctl_get_guest_wlan functionality. A remote attacker can gain unauthorized access to sensitive information on the system.
5) Stack-based buffer overflow (CVE-ID: CVE-2022-26009)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv ucloud_set_node_location functionality. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) OS Command Injection (CVE-ID: CVE-2022-22140)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the confsrv ucloud_add_node functionality. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) OS Command Injection (CVE-ID: CVE-2022-21178)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the confsrv ucloud_add_new_node functionality. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Information disclosure (CVE-ID: CVE-2022-27630)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the confctl_get_master_wlan functionality. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
9) Improper access control (CVE-ID: CVE-2022-27185)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the confctl_set_master_wlan functionality. A remote attacker on the local network can bypass implemented security restrictions and perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2022-24029)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "rp-pppoe.so". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Buffer overflow (CVE-ID: CVE-2022-24014)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "logserver". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Buffer overflow (CVE-ID: CVE-2022-24026)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "telnet_ate_monitor". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Buffer overflow (CVE-ID: CVE-2022-24005)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "ap_steer". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Buffer overflow (CVE-ID: CVE-2022-24015)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "log_upload". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Buffer overflow (CVE-ID: CVE-2022-24017)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "miniupnpd". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Buffer overflow (CVE-ID: CVE-2022-24022)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "pann". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Buffer overflow (CVE-ID: CVE-2022-24008)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "confcli". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Buffer overflow (CVE-ID: CVE-2022-24028)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "libcommonprod.so". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Buffer overflow (CVE-ID: CVE-2022-24019)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "netctrl". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Buffer overflow (CVE-ID: CVE-2022-24010)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "cwmpd". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Buffer overflow (CVE-ID: CVE-2022-24009)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "confsrv". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Buffer overflow (CVE-ID: CVE-2022-24007)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "cfm". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Buffer overflow (CVE-ID: CVE-2022-24020)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "network_check". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Buffer overflow (CVE-ID: CVE-2022-24006)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "arpbrocast". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Buffer overflow (CVE-ID: CVE-2022-24013)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "gpio_ctrl". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Buffer overflow (CVE-ID: CVE-2022-24023)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "pppd". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Buffer overflow (CVE-ID: CVE-2022-24012)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "fota". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Buffer overflow (CVE-ID: CVE-2022-24025)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "sntp". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Buffer overflow (CVE-ID: CVE-2022-24024)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "rtk_ate". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Buffer overflow (CVE-ID: CVE-2022-24021)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "online_process". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Buffer overflow (CVE-ID: CVE-2022-24018)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "multiWAN". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Buffer overflow (CVE-ID: CVE-2022-24016)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "mesh_status_check". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Buffer overflow (CVE-ID: CVE-2022-24011)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "device_list". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Buffer overflow (CVE-ID: CVE-2022-24027)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the GetValue functionality in "libcommon.so". A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Stack-based buffer overflow (CVE-ID: CVE-2022-23399)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv set_port_fwd_rule functionality. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
36) Stack-based buffer overflow (CVE-ID: CVE-2022-25996)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv addTimeGroup functionality. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) Stack-based buffer overflow (CVE-ID: CVE-2022-23103)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv confctl_set_app_language functionality. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Stack-based buffer overflow (CVE-ID: CVE-2022-21201)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confers ucloud_add_node_new functionality. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Use of Hard-coded Password (CVE-ID: CVE-2022-22144)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the software contains a hard-coded password in the libcommonprod.so prod_change_root_passwd functionality. A remote attacker on the local network can gain access to root password.
40) Buffer overflow (CVE-ID: CVE-2022-26342)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv ucloud_set_node_location functionality. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) Stack-based buffer overflow (CVE-ID: CVE-2022-23918)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv set_mf_rule functionality in the "ethAddr memcpy". A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Stack-based buffer overflow (CVE-ID: CVE-2022-23919)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the confsrv set_mf_rule functionality in the "name memcpy". A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1502
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1507
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1506
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1503
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1483
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1458
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1457
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1504
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1505
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1463
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1454
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1482
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1462
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1456
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1459
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1484
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1455