CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2022/10/25 4:34 p.m.•17 views

CVE-2022-35875

8.2CVSS9.7AI score0.00861EPSS

CVE•added 2022/10/25 4:34 p.m.•60 views

CVE-2022-35875

Abode Systems, Inc. iota All-In-One Security Kit (versions 6.9X and 6.9Z) exposes four format-string injection flaws in the testWifiAP XCMD handler. The root cause is improper use of format strings when logging commands constructed from attacker-supplied Wi‑Fi configuration values (ssid/ssid_hex,...

9.8CVSS9.4AI score0.00861EPSS

Vulnrichment•added 2022/10/25 4:34 p.m.•6 views

CVE-2022-35874

8.2CVSS9.5AI score0.00869EPSS

Cvelist•added 2022/10/25 4:34 p.m.•39 views

CVE-2022-35874

8.2CVSS9.7AI score0.00869EPSS

CVE•added 2022/10/25 4:34 p.m.•56 views

CVE-2022-35874

The CVE-2022-35874 vulnerability affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z). It consists of four format string injection flaws in the XCMD testWifiAP handler, originating from ssid and ssid_hex configuration parameters, leading to memory corruption, information di...

9.8CVSS9.4AI score0.00869EPSS

CVE•added 2022/10/25 4:34 p.m.•55 views

CVE-2022-35244

CVE-2022-35244 : A format string injection vulnerability affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z) in the XCMD getVarHA function. The issue can cause memory corruption, information disclosure, and denial of service when a specially crafted XML payload is processe...

9.8CVSS9.2AI score0.01261EPSS

Vulnrichment•added 2022/10/25 4:34 p.m.•8 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8CVSS9.3AI score0.01261EPSS

Cvelist•added 2022/10/25 4:34 p.m.•34 views

CVE-2022-35244

9.8CVSS9.6AI score0.01261EPSS

Cvelist•added 2022/10/25 4:33 p.m.•29 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

8.2CVSS9.4AI score0.00898EPSS

Vulnrichment•added 2022/10/25 4:33 p.m.•9 views

CVE-2022-33938

8.2CVSS9.1AI score0.00898EPSS

CVE•added 2022/10/25 4:33 p.m.•61 views

CVE-2022-33938

The CVE-2022-33938 entry concerns Abode Systems iota All-In-One Security Kit, affected in versions 6.9Z and 6.9X. The concrete issue is a format-string injection in the ghome_process_control_packet function, triggered by a crafted XML payload sent to the device, which can cause memory corruption,...

9.8CVSS9.1AI score0.00898EPSS

CNNVD•added 2022/10/25 12:0 a.m.•5 views

Abode Iota 格式化字符串错误漏洞

Abode Iota is a reliable Diy home security system from Abode. A format string error vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z. The vulnerability stems from a format string injection vulnerability in the XCMD testWifiAP feature, which allows an attacker to...

9.8CVSS7.7AI score0.00869EPSS

CNNVD•added 2022/10/25 12:0 a.m.•4 views

Abode Iota 格式化字符串错误漏洞

9.8CVSS7.7AI score0.00869EPSS

Positive Technologies•added 2022/10/25 12:0 a.m.•5 views

PT-2022-22651 · Unknown · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A format string injection issue exists in the XCMD getVarHA functionality, allowing a specially-crafted XCMD to cause memory corruption, information disclosure, and denial of...

9.8CVSS9.3AI score0.01261EPSS

Positive Technologies•added 2022/10/25 12:0 a.m.•5 views

PT-2022-22997 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9Z and 6.9X Description: The issue arises from format string injection via the default key id HTTP parameter in the /action/wirelessConnect handler. A specially-crafted HTTP request...

8.8CVSS8AI score0.01252EPSS

CNNVD•added 2022/10/25 12:0 a.m.•5 views

Abode Iota 格式化字符串错误漏洞

Abode Iota is a reliable Diy home security system from Abode. A format string error vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z, which stems from a format string injection vulnerability in the XCMD testWifiAP feature, which allows an attacker to modify the...

9.8CVSS7.9AI score0.00861EPSS

Positive Technologies•added 2022/10/25 12:0 a.m.•5 views

PT-2022-22985 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: The issue arises from format string injection via the ssid and ssid hex configuration parameters within the testWifiAP XCMD handler. Specially-crafted...

9.8CVSS8.2AI score0.00869EPSS

Positive Technologies•added 2022/10/25 12:0 a.m.•5 views

PT-2022-22994 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9Z through 6.9X Description: The web interface of the affected system has format string injection vulnerabilities in the /action/wirelessConnect functionality. A specially-crafted HT...

8.8CVSS8.2AI score0.01252EPSS

Positive Technologies•added 2022/10/25 12:0 a.m.•7 views

PT-2022-22986 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: The issue arises from format string injection via the wpapsk configuration parameter within the testWifiAP XCMD handler. Specially-crafted configuration valu...

9.8CVSS8.2AI score0.00861EPSS