Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the ssid
and ssid_hex
configuration parameters, as used within the testWifiAP
XCMD handler
CPE | Name | Operator | Version |
---|---|---|---|
iota_all-in-one_security_kit_firmware | eq | 6.9.120 | |
iota_all-in-one_security_kit_firmware | eq | 6.9.122 |