First published: Mon Aug 01 2022(Updated: )
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tcl Linkhub Mesh Wifi Ac1200 | =ms1g_00_01.00_14 | |
Tcl Linkhub Mesh Wifi Ac1200 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-22144 is a hard-coded password vulnerability that exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14.
CVE-2022-22144 has a severity rating of 9.8, which is considered critical.
The affected software version is MS1G_00_01.00_14 of TCL LinkHub Mesh Wi-Fi AC1200.
To fix CVE-2022-22144, it is recommended to update to a patched version of the software as soon as it becomes available.
You can find more information about CVE-2022-22144 at the following link: [TALOS-2022-1459](https://talosintelligence.com/vulnerability_reports/TALOS-2022-1459).