Sign-up

ID

VAR-202208-0142


CVE

CVE-2022-26009


TITLE

TCL Technology  of  linkhub mesh wifi ac1200  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014162

DESCRIPTION

A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TCL LinkHub Mesh Wi-Fi is a router of TCL company. The vulnerability stems from the lack of proper validation of user-provided data in the confsrv ucloud_set_node_location function. Attackers can exploit this vulnerability to execute arbitrary code on the system

Trust: 2.25

sources: NVD: CVE-2022-26009 // JVNDB: JVNDB-2022-014162 // CNVD: CNVD-2022-82023 // VULMON: CVE-2022-26009

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['network device']sub_category:Mesh Wi-Fi router

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-82023

AFFECTED PRODUCTS

vendor:tclmodel:linkhub mesh wifi ac1200scope:eqversion:ms1g_00_01.00_14

Trust: 1.0

vendor:tclmodel:linkhub mesh wifi ac1200scope:eqversion: -

Trust: 0.8

vendor:tclmodel:linkhub mesh wifi ac1200scope:eqversion:ms1g 00 01.00 14

Trust: 0.8

vendor:tclmodel:linkhub mesh wifi ac1200scope: - version: -

Trust: 0.8

vendor:tclmodel:linkhub mesh wi-fi ms1g 00 01.00 14scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-82023 // JVNDB: JVNDB-2022-014162 // NVD: CVE-2022-26009

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2022-26009
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-26009
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-26009
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-82023
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202208-1951
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2022-82023
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2022-26009
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

nvd@nist.gov: CVE-2022-26009
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26009
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-82023 // JVNDB: JVNDB-2022-014162 // CNNVD: CNNVD-202208-1951 // NVD: CVE-2022-26009 // NVD: CVE-2022-26009

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014162 // NVD: CVE-2022-26009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-1951

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202208-1951

PATCH

title:Patch for TCL LinkHub Mesh Wi-Fi Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/362056

Trust: 0.6

title:TCL LinkHub Mesh Wi-Fi Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203215

Trust: 0.6

sources: CNVD: CNVD-2022-82023 // CNNVD: CNNVD-202208-1951

EXTERNAL IDS

db:NVDid:CVE-2022-26009

Trust: 4.0

db:TALOSid:TALOS-2022-1483

Trust: 3.1

db:JVNDBid:JVNDB-2022-014162

Trust: 0.8

db:CNVDid:CNVD-2022-82023

Trust: 0.6

db:CNNVDid:CNNVD-202208-1951

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2022-26009

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-82023 // VULMON: CVE-2022-26009 // JVNDB: JVNDB-2022-014162 // CNNVD: CNNVD-202208-1951 // NVD: CVE-2022-26009

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2022-1483

Trust: 3.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-26009

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-26009/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-82023 // VULMON: CVE-2022-26009 // JVNDB: JVNDB-2022-014162 // CNNVD: CNNVD-202208-1951 // NVD: CVE-2022-26009

CREDITS

Discovered by Carl Hurd of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202208-1951

SOURCES

db:OTHERid: -
db:CNVDid:CNVD-2022-82023
db:VULMONid:CVE-2022-26009
db:JVNDBid:JVNDB-2022-014162
db:CNNVDid:CNNVD-202208-1951
db:NVDid:CVE-2022-26009

LAST UPDATE DATE

2025-01-30T20:16:42.393000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-82023date:2022-11-28T00:00:00
db:VULMONid:CVE-2022-26009date:2022-08-06T00:00:00
db:JVNDBid:JVNDB-2022-014162date:2023-09-14T08:13:00
db:CNNVDid:CNNVD-202208-1951date:2022-08-10T00:00:00
db:NVDid:CVE-2022-26009date:2022-08-09T19:11:48.200

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-82023date:2022-11-28T00:00:00
db:VULMONid:CVE-2022-26009date:2022-08-05T00:00:00
db:JVNDBid:JVNDB-2022-014162date:2023-09-14T00:00:00
db:CNNVDid:CNNVD-202208-1951date:2022-08-01T00:00:00
db:NVDid:CVE-2022-26009date:2022-08-05T22:15:10.953