7638 matches found
CVE-2022-33193
Abode iota All-In-One Security Kit (6.9X/6.9Z) is affected by CVE-2022-33193 through the testWifiAP XCMD. The vulnerability arises when the vulnerable do_test_wifiap path injects WL_WPAPSK into OS commands (popen) without sanitization, enabling OS command execution with root privileges if WL_WPAP...
CVE-2022-33192
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...
CVE-2022-33150
An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-32773
An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...
CVE-2022-32773
CVE-2022-32773 affects Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z). Talos details a root-level OS command injection in the XCMD doDebug handler: an attacker-controlled poke value is unsafely inserted into a shell command and executed as root, enabling arbitrary command execution....
CVE-2022-32765
An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-30603
Vulnerability summary (CVE-2022-30603): Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z) exposes an OS command-injection in the web interface endpoint /action/iperf. The POST handler collects a user-supplied server_ip and unsafely interpolates it into a shell command, then execute...
CVE-2022-30541
The CVE-2022-30541 issue affects Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z. Talos confirms an OS command injection in the XCMD setUPnP handler, where an XMPP XML payload contains a webextport value that, if crafted, can bypass normal checks and lead to OS command execution. The pay...
CVE-2022-29889
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability...
CVE-2022-29520
An OS command injection vulnerability exists in the consolemainloop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability...
CVE-2022-29520
CVE-2022-29520 affects Abode Systems iota All-In-One Security Kit (firmware 6.9Z). A crafted XCMD via setUPnP webextport can feed data into /var/in, which console_main_loop then parses as commands and executes through popen, enabling arbitrary command execution as root. TALOS details describe 6.9...
CVE-2022-29472
An OS command injection vulnerability exists in the web interface utilsetserialmac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this...
CVE-2022-27805
An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability...
CVE-2022-27804
The CVE-2022-27804 issue affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z). The vulnerability is an OS command injection in the web interface function util_set_abode_code. An attacker can trigger arbitrary commands by sending a crafted HTTP POST to /action/factorySerialM...
CVE-2022-27804
An OS command injection vulnerability exists in the web interface utilsetabodecode functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this...
PT-2022-18600 · Abode Systems · Iota All-In-One Security Kit
Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A command injection issue exists in the web interface's util set abode code functionality, allowing arbitrary command execution via a specially-crafted HTTP...
Abode Iota OS Command Injection Vulnerability
Abode Iota is a reliable DIY home security system from Abode. A security vulnerability exists in Abode Iota versions 6.9X and 6.9Z. An attacker can exploit the vulnerability to execute arbitrary commands via specially crafted HTTP requests...
PT-2022-21735 · Abode Systems · Iota All-In-One Security Kit
Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: The issue is related to OS command injection vulnerabilities in the XCMD testWifiAP functionality. This can lead to arbitrary command execution, allowing an...