Vulnerabilities > TCL
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-27 | CVE-2023-43481 | Code Injection vulnerability in TCL Browser TV web - Browsehere 6.65.022Dab24Cc6231221Gp An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | 9.8 |
| 2022-08-05 | CVE-2022-27660 | Unspecified vulnerability in TCL Linkhub Mesh Wifi Ac1200 Ms1G0001.0014 A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. | 7.5 |
| 2021-07-05 | CVE-2021-35331 | Use of Externally-Controlled Format String vulnerability in TCL 8.6.11 In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. | 7.8 |
| 2020-11-10 | CVE-2020-28055 | Incorrect Permission Assignment for Critical Resource vulnerability in TCL products A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. | 7.2 |
| 2020-11-10 | CVE-2020-27403 | Unspecified vulnerability in TCL products A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. low complexity tcl | 3.3 |
| 2019-08-02 | CVE-2019-7163 | Improper Authentication vulnerability in TCL Alcatel Linkzone Firmware Mw40Vv1.0Mw40Lu02.0002 The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | 7.5 |
| 2008-01-09 | CVE-2007-4772 | Resource Management Errors vulnerability in multiple products The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. | 4.0 |