CVE-2022-35885

🗓️ 25 Oct 2022 16:34:22Reported by talosType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 58 Views🌐 WEB

Four format string injection vulnerabilities in Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X web interface /action/wirelessConnect functionality can lead to memory corruption, information disclosure, and denial of service

Reporter	Title	Published	Views	Family All 8
CNNVD	Abode Iota 格式化字符串错误漏洞	20 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-35885	25 Oct 202216:34	–	cvelist
EUVD	EUVD-2022-38758	3 Oct 202520:07	–	euvd
NVD	CVE-2022-35885	25 Oct 202217:15	–	nvd
Prion	Format string	25 Oct 202217:15	–	prion
RedhatCVE	CVE-2022-35885	9 Jan 202608:40	–	redhatcve
Talos	Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect format string injection vulnerabilities	20 Oct 202200:00	–	talos
Vulnrichment	CVE-2022-35885	25 Oct 202216:34	–	vulnrichment

NVD

Vulners

Node

goabode iota_all-in-one_security_kit_firmwareMatch6.9x

goabode iota_all-in-one_security_kit_firmwareMatch6.9z

[
  {
    "vendor": "abode systems, inc.",
    "product": "iota All-In-One Security Kit",
    "versions": [
      {
        "version": "6.9X",
        "status": "affected"
      },
      {
        "version": "6.9Z",
        "status": "affected"
      }
    ]
  }
]

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2022-1585

Parameter	Position	Path	Description	CWE
wpapsk_hex	request body	/action/wirelessConnect	Format string injection vulnerability in the wirelessConnect handler allowing crafted input via wpapsk_hex to trigger memory corruption, information disclosure, and denial of service (authenticated access required).	CWE-134