2 matches found
CVE-2022-32773
CVE-2022-32773 affects Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z). Talos details a root-level OS command injection in the XCMD doDebug handler: attacker-controlled poke value is unsafely inserted into a shell command and executed as root, enabling arbitrary command execution....
CVE-2022-32773
An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...