3 matches found
CVE-2022-29520
An OS command injection vulnerability exists in the consolemainloop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability...
CVE-2022-29520
CVE-2022-29520 affects Abode Systems iota All-In-One Security Kit (firmware 6.9Z). A crafted XCMD via setUPnP webextport can feed data into /var/in, which console_main_loop then parses as commands and executes through popen, enabling arbitrary command execution as root. TALOS details describe 6.9...
Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
Matt Wiseman of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in the Abode Systems iota All-In-One Security Kit. This kit includes a main security camera and hub that can alert users of unwanted movement in their homes. It also includes...