CVE-2022-24025

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the sntp binary.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tcl:linkhub_mesh_wifi_ac1200:ms1g_00_01.00_14:*:*:*:*:*:*:*

cpe:2.3:h:tcl:linkhub_mesh_wifi_ac1200:-:*:*:*:*:*:*:*

History

09 Aug 2022, 19:25

Type	Values Removed	Values Added
CPE		cpe:2.3:h:tcl:linkhub_mesh_wifi_ac1200:-:::::::* cpe:2.3:o:tcl:linkhub_mesh_wifi_ac1200:ms1g_00_01.00_14:::::::*
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463 - Exploit, Technical Description, Third Party Advisory
First Time		Tcl linkhub Mesh Wifi Ac1200 Tcl
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

05 Aug 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-05 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-24025

Mitre link : CVE-2022-24025

CVE.ORG link : CVE-2022-24025

JSON object : View

Products Affected

tcl

linkhub_mesh_wifi_ac1200

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-24025", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-05T22:15:10.607", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1463", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the sntp binary."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad GetValue de TCL LinkHub Mesh Wi-Fi versi\u00f3n MS1G_00_01.00_14. Un valor de configuraci\u00f3n especialmente dise\u00f1ado puede conllevar a un desbordamiento del b\u00fafer. Un atacante puede modificar un valor de configuraci\u00f3n para desencadenar esta vulnerabilidad. Esta vulnerabilidad representa todas las ocurrencias de la vulnerabilidad de desbordamiento de b\u00fafer dentro del binario sntp"}], "lastModified": "2022-08-09T19:25:17.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tcl:linkhub_mesh_wifi_ac1200:ms1g_00_01.00_14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6D965B0-44C0-42B3-A470-58101F9DE79B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tcl:linkhub_mesh_wifi_ac1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20F8B735-8074-45BD-A319-9EE6D201C3C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}