Lucene search
K

169 matches found

CVE
CVE
added 2022/10/25 4:33 p.m.76 views

CVE-2022-30603

Vulnerability summary (CVE-2022-30603) : Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z) exposes an OS command-injection in the web interface endpoint /action/iperf. The POST handler collects a user-supplied server_ip and unsafely interpolates it into a shell command, then execute...

10CVSS9.2AI score0.05332EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:33 p.m.66 views

CVE-2022-30541

The CVE-2022-30541 issue affects Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z. Talos confirms an OS command injection in the XCMD setUPnP handler, where an XMPP XML payload contains a webextport value that, if crafted, can bypass normal checks and lead to OS command execution. The pay...

10CVSS9.7AI score0.03174EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:33 p.m.60 views

CVE-2022-29520

CVE-2022-29520 affects Abode Systems iota All-In-One Security Kit (firmware 6.9Z). A crafted XCMD via setUPnP webextport can feed data into /var/in, which console_main_loop then parses as commands and executes through popen, enabling arbitrary command execution as root. TALOS details describe 6.9...

9.8CVSS9.7AI score0.02803EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 4:33 p.m.17 views

CVE-2022-29477

An authentication bypass vulnerability exists in the web interface /action/factory functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS9.8AI score0.01218EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.57 views

CVE-2022-29475

CVE-2022-29475 affects Abode Systems iota All-In-One Security Kit by way of the XFINDER service on UDP/55030. Talos confirms an information disclosure vulnerability that enables an attacker to replay credentials (the Auth field) after observing XFINDER traffic, enabling an authentication bypass a...

8.1CVSS7.8AI score0.00562EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.6 views

CVE-2022-29472

An OS command injection vulnerability exists in the web interface utilsetserialmac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this...

10CVSS9.8AI score0.04433EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.55 views

CVE-2022-29472

Summary (CVE-2022-29472): Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z) suffers an OS command injection in the web interface’s util_set_serial_mac. A specially crafted HTTP POST to /action/factorySerialMacPost can cause arbitrary commands to run as root by manipulating the U-Boo...

10CVSS9.7AI score0.04433EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.9 views

CVE-2022-27805

An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability...

9.8CVSS9.7AI score0.01291EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.6 views

Abode Iota 操作系统命令注入漏洞

Abode Iota is a reliable Diy home security system from Abode. An operating system command injection vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z. An attacker could exploit this vulnerability to execute arbitrary commands via specially crafted HTTP requests...

10CVSS8.8AI score0.04183EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.7 views

Abode Iota 操作系统命令注入漏洞

Abode Iota is a reliable Diy home security system from Abode. An operating system command injection vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z. An attacker could execute arbitrary commands by exploiting this vulnerability...

10CVSS8.8AI score0.03244EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.6 views

PT-2022-18600 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A command injection issue exists in the web interface's util set abode code functionality, allowing arbitrary command execution via a specially-crafted HTTP...

9.8CVSS8.1AI score0.03635EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-21735 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: The issue is related to OS command injection vulnerabilities in the XCMD testWifiAP functionality. This can lead to arbitrary command execution, allowing an...

10CVSS9.7AI score0.03244EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.7 views

Abode Iota 格式化字符串错误漏洞

Abode Iota is a reliable Diy home security system from Abode. A format string error vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z. The vulnerability stems from a format string injection vulnerability in the XCMD testWifiAP feature, which allows an attacker to...

9.8CVSS7.7AI score0.00869EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-5290 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit version 6.9Z Description: A hard-coded password vulnerability exists in the telnet functionality, allowing an attacker to authenticate with hard-coded credentials. This can lead to arbitrary...

10CVSS9.6AI score0.01117EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.4 views

PT-2022-19642 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: An authentication bypass issue exists in the web interface, specifically in the /action/factory functionality. This can be triggered by a specially-crafted...

9.8CVSS8.5AI score0.01218EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.7 views

PT-2022-21455 · Unknown · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A command injection issue exists in the XCMD doDebug functionality, allowing for arbitrary command execution through a specially-crafted XCMD. This can be triggered by sending a...

10CVSS9.7AI score0.03244EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.7 views

Abode Iota 操作系统命令注入漏洞

Abode Iota is a reliable Diy home security system from Abode. An operating system command injection vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z. An attacker could exploit this vulnerability to execute arbitrary commands via specially crafted HTTP requests...

10CVSS8.8AI score0.04222EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-21446 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X through 6.9Z Description: A denial of service issue exists in the XCMD doDebug functionality. This can be triggered by a specially-crafted XCMD, allowing an attacker to send a...

8.6CVSS7.8AI score0.00879EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-22994 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9Z through 6.9X Description: The web interface of the affected system has format string injection vulnerabilities in the /action/wirelessConnect functionality. A specially-crafted HT...

8.8CVSS8.2AI score0.01252EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.6 views

PT-2022-22991 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9Z through 6.9X Description: Four format string injection issues exist in the UPnP logging functionality. A specially-crafted UPnP negotiation can lead to memory corruption,...

8.8CVSS7AI score0.00792EPSS
Exploits1References3
Rows per page
Query Builder