Format string
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...
Format string
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
Format string
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...
Format string
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35887
CVE-2022-35887 affects Abode Systems iota All-In-One Security Kit, versions 6.9Z and 6.9X. The issue stems from format string injection in the web interface’s /action/wirelessConnect handler, via the default_key_id HTTP parameter, leading to memory corruption, information disclosure, and potentia...
CVE-2022-35887
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35887
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35886
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35886
The CVE-2022-35886 issue affects Abode Systems, Inc. iota All-In-One Security Kit firmware (6.9Z and 6.9X) and stems from four format-string injection vulnerabilities in the web interface handler /action/wirelessConnect. The root cause is the misuse of the log function, where attacker-controlled ...
CVE-2022-35886
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35885
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35885
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35885
Four format-string injection vulnerabilities exist in Abode Systems iota All-In-One Security Kit web interface (version 6.9Z/6.9X) under /action/wirelessConnect. The issue stems from misusing a device log function as a format string argument (e.g. for cmd_buffer constructed from parameters like wp...
CVE-2022-35884
CVE-2022-35884 concerns Abode Systems iota All-In-One Security Kit (versions 6.9Z–6.9X). The vulnerability is a format string injection in the web interface’s /action/wirelessConnect handler, triggered via the ssid_hex parameter in authenticated HTTP requests. The flaw can cause memory corruption...
CVE-2022-35884
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35884
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35881
The CVE-2022-35881 issue affects Abode Systems’ iota All-In-One Security Kit (firmware 6.9Z/6.9X) via UPnP logging format string injections. Talos details show multiple vulnerable code paths in the UPnP handling where attacker-controlled fields (Location, ST, controlURL, and SOAP responses) are i...
CVE-2022-35881
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...
CVE-2022-35881
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...
CVE-2022-35880
CVE-2022-35880 concerns Abode Systems iota All-In-One Security Kit (firmware 6.9Z and 6.9X). Talos documents four UPnP logging format-string injection vulnerabilities in the device’s UPnP logging code paths, exploitable via crafted UPnP negotiation responses. The root cause is format-string misus...