Lucene search
K

169 matches found

Prion
Prion
added 2022/10/25 5:15 p.m.25 views

Command injection

An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...

7.5CVSS9.7AI score0.03244EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.21 views

Command injection

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

7.5CVSS9.9AI score0.03244EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.14 views

Format string

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

6.5CVSS8.6AI score0.01252EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.15 views

Format string

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

6.5CVSS8.6AI score0.01252EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.18 views

Format string

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

6.5CVSS8.6AI score0.01241EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.12 views

Hardcoded credentials

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability...

7.5CVSS9.7AI score0.01117EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.15 views

Command injection

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

7.5CVSS10AI score0.03244EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.20 views

Command injection

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

7.5CVSS9.9AI score0.03073EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.29 views

Command injection

An os command injection vulnerability exists in the web interface utilsetabodecode functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this...

7.5CVSS9.7AI score0.03635EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.17 views

Format string

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

7.5CVSS9.2AI score0.01261EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:34 p.m.65 views

CVE-2022-35887

CVE-2022-35887 affects Abode Systems iota All-In-One Security Kit, versions 6.9Z and 6.9X. The issue stems from format string injection in the web interface’s /action/wirelessConnect handler, via the default_key_id HTTP parameter, leading to memory corruption, information disclosure, and potentia...

8.8CVSS8.9AI score0.01252EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:34 p.m.68 views

CVE-2022-35886

The CVE-2022-35886 issue affects Abode Systems, Inc. iota All-In-One Security Kit firmware (6.9Z and 6.9X) and stems from four format-string injection vulnerabilities in the web interface handler /action/wirelessConnect. The root cause is the misuse of the log function, where attacker-controlled ...

8.8CVSS8.6AI score0.01241EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:34 p.m.9 views

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.2CVSS8.7AI score0.01241EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/10/25 4:34 p.m.22 views

CVE-2022-35885

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.2CVSS8.9AI score0.01241EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/10/25 4:34 p.m.25 views

CVE-2022-35884

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.2CVSS8.9AI score0.01252EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/25 4:34 p.m.6 views

CVE-2022-35875

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

8.2CVSS9.5AI score0.00861EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:34 p.m.63 views

CVE-2022-35875

Abode Systems, Inc. iota All-In-One Security Kit (versions 6.9X and 6.9Z) exposes four format-string injection flaws in the testWifiAP XCMD handler. The root cause is improper use of format strings when logging commands constructed from attacker-supplied Wi‑Fi configuration values (ssid/ssid_hex,...

9.8CVSS9.4AI score0.00861EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:34 p.m.6 views

CVE-2022-35874

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

8.2CVSS9.5AI score0.00869EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:34 p.m.57 views

CVE-2022-35874

The CVE-2022-35874 vulnerability affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z). It consists of four format string injection flaws in the XCMD testWifiAP handler, originating from ssid and ssid_hex configuration parameters, leading to memory corruption, information di...

9.8CVSS9.4AI score0.00869EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 4:34 p.m.36 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8CVSS9.6AI score0.01261EPSS
Exploits1References1
Rows per page
Query Builder