CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2022/10/25 4:34 p.m.•68 views

CVE-2022-35879

Summary (CVE-2022-35879) Abode Systems iota All-In-One Security Kit (versions 6.9Z and 6.9X) contains UPnP logging format-string injection vulnerabilities. Root cause: attacker-controlled data exposed to a vulnerable log() path (via DoEnumUPnPService and DoUpdateUPnPbyService), which uses vsnprin...

8.8CVSS8.7AI score0.00134EPSS

Vulnrichment•added 2022/10/25 4:34 p.m.•3 views

CVE-2022-35879

7.1CVSS8.8AI score0.00134EPSS

Cvelist•added 2022/10/25 4:34 p.m.•13 views

CVE-2022-35879

7.1CVSS9AI score0.00134EPSS

CVE•added 2022/10/25 4:34 p.m.•64 views

CVE-2022-35878

The provided TALOS/NVD entries describe CVE-2022-35878 as four UPnP logging format-string injection vulnerabilities in Abode Systems, Inc. iota All-In-One Security Kit (firmware 6.9Z/6.9X). The root cause is attacker-controlled format string data passed to a vulnerable log function from DoEnumUPn...

8.8CVSS8.7AI score0.00134EPSS

Cvelist•added 2022/10/25 4:34 p.m.•12 views

CVE-2022-35878

7.1CVSS9AI score0.00134EPSS

Vulnrichment•added 2022/10/25 4:34 p.m.•8 views

CVE-2022-35878

7.1CVSS8.8AI score0.00134EPSS

CVE•added 2022/10/25 4:34 p.m.•75 views

CVE-2022-35877

Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z) contains four format string injection flaws in the XCMD handler testWifiAP, caused by improper handling of the default_key_id configuration parameter. This leads to memory corruption, information disclosure, and denial of service...

Vulnrichment•added 2022/10/25 4:34 p.m.•5 views

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

Cvelist•added 2022/10/25 4:34 p.m.•17 views

CVE-2022-35877

Cvelist•added 2022/10/25 4:34 p.m.•14 views

CVE-2022-35876

Vulnrichment•added 2022/10/25 4:34 p.m.•7 views

CVE-2022-35876

CVE•added 2022/10/25 4:34 p.m.•73 views

CVE-2022-35876

Four format-string injection vulnerabilities exist in Abode Systems, Inc. iota All-In-One Security Kit (firmware 6.9X/6.9Z) within the XCMD testWifiAP path. The root cause is usage of attacker-controlled configuration values (default_key_id and key) in log/command construction for Wi‑Fi setup, en...

Vulnrichment•added 2022/10/25 4:34 p.m.•5 views

CVE-2022-35875

Cvelist•added 2022/10/25 4:34 p.m.•13 views

CVE-2022-35875

CVE•added 2022/10/25 4:34 p.m.•57 views

CVE-2022-35875

Abode Systems, Inc. iota All-In-One Security Kit (versions 6.9X and 6.9Z) exposes four format-string injection flaws in the testWifiAP XCMD handler. The root cause is improper use of format strings when logging commands constructed from attacker-supplied Wi‑Fi configuration values (ssid/ssid_hex,...

CVE•added 2022/10/25 4:34 p.m.•54 views

CVE-2022-35874

The CVE-2022-35874 vulnerability affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z). It consists of four format string injection flaws in the XCMD testWifiAP handler, originating from ssid and ssid_hex configuration parameters, leading to memory corruption, information di...

Cvelist•added 2022/10/25 4:34 p.m.•13 views

CVE-2022-35874

Vulnrichment•added 2022/10/25 4:34 p.m.•6 views

CVE-2022-35874

Cvelist•added 2022/10/25 4:34 p.m.•14 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8CVSS9.6AI score0.00686EPSS