3 matches found
CVE-2022-33189
CVE-2022-33189 : In Abode Systems iota All-In-One Security Kit 6.9Z, the XCMD “setAlexa” accepts an XML payload containing regCode, which can be exploited to trigger a DNS discovery process via /bct/sbin/dns-sd and execute arbitrary commands. Talos details show an exploit chain: craft XCMD to set...
CVE-2022-33189
An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...
Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1558 Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-33189 SUMMARY An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. io...