Talos Vulnerability Report: TALOS-2022-1459

Summary

CVE Number: CVE-2022-22144
Vulnerability: Hard-coded password vulnerability in the functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14.
Impact: An attacker does not need to do anything to trigger this vulnerability as the function is always called during system startup.

Confirmed Vulnerable Versions

TCL LinkHub Mesh Wifi MS1G_00_01.00_14

Product URL

LinkHub Mesh Wifi: TCL LinkHub Mesh Wi-Fi

CVSSv3 Score

7.5 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-259 - Use of Hard-coded Password

Details

Architecture: Node-based mesh Wi-Fi system with features standard in current Wi-Fi solutions.
Management: Managed solely by a phone application, no web-based management console.
Vulnerability Mechanism: During the boot process, the binary launches the function from causing a forced password change with no conditional checks.

Timeline

2022-04-27 - Vendor Disclosure
2022-08-01 - Public Release

Credit

Discovered by Carl Hurd of Cisco Talos.
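
The boot-time pattern described under Details (a password set on every startup with no conditional checks) is shown below beside a provision-once alternative. This is an added example, not code from the Talos report or the TCL firmware. The credential store, all function names and the placeholder password are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stand-in for the device's persistent credential store. */
struct cred_store { char password[33]; int provisioned; };
/* Constructed placeholder, not the value from the affected firmware. */
#define FIRMWARE_DEFAULT "PLACEHOLDER-DEFAULT"

static void set_password(struct cred_store *s, const char *pw) {
    snprintf(s->password, sizeof s->password, "%s", pw);
    s->provisioned = 1;
}

/* Pattern from the report: called on every boot, no conditional checks. */
int boot_vulnerable(struct cred_store *s) { set_password(s, FIRMWARE_DEFAULT); return 1; }

/* Hardened: provision once, with a per-device random secret. */
int boot_hardened(struct cred_store *s) {
    unsigned char rnd[16]; char hex[33];
    if (s->provisioned) return 0;          /* keep the stored credential */
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(rnd, 1, sizeof rnd, f);
    fclose(f);
    if (n != sizeof rnd) return -1;        /* fail closed, never fall back to a constant */
    for (size_t i = 0; i < sizeof rnd; i++) snprintf(hex + 2 * i, 3, "%02x", rnd[i]);
    set_password(s, hex);
    return 1;
}

typedef int (*boot_fn)(struct cred_store *);
/* Returns 1 if two freshly booted devices end up with the same credential. */
int same_on_every_device(boot_fn boot) {
    struct cred_store a = {0}, b = {0};
    boot(&a); boot(&b);
    return strcmp(a.password, b.password) == 0;
}

/* Returns 1 if a credential changed after first boot is overwritten by the next boot. */
int reset_on_reboot(boot_fn boot) {
    struct cred_store s = {0};
    boot(&s); set_password(&s, "changed-after-first-boot"); boot(&s);
    return strcmp(s.password, "changed-after-first-boot") != 0;
}

int main(void) {
    printf("vulnerable: shared=%d reset=%d\n", same_on_every_device(boot_vulnerable), reset_on_reboot(boot_vulnerable));
    printf("hardened:   shared=%d reset=%d\n", same_on_every_device(boot_hardened), reset_on_reboot(boot_hardened));
}
```

The two checks map to the two properties in the report: a hard-coded value is identical on every unit (CWE-259), and an unconditional boot-time call restores it after every restart.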