Lucene search

TalosCVELIST:CVE-2022-33194

HistoryOct 25, 2022 - 4:33 p.m.

CVE-2022-33194

2022-10-2516:33:51

CWE-78

talos

www.cve.org

command injection

abode systems

xcmd

arbitrary command execution

firmware vulnerability

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the WL_Key and WL_DefaultKeyID configuration values in the function located at offset 0x1c7d28 of firmware 6.9Z , and even more specifically on the command execution occuring at offset 0x1c7f6c.

CNA Affected

[
  {
    "vendor": "abode systems, inc.",
    "product": "iota All-In-One Security Kit",
    "versions": [
      {
        "version": "6.9X",
        "status": "affected"
      },
      {
        "version": "6.9Z",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1559

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

Related for CVELIST:CVE-2022-33194