2 matches found
CVE-2022-33206
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...
CVE-2022-33206
CVE-2022-33206 affects Abode iota All-In-One Security Kit firmware 6.9X/6.9Z. The vulnerability lies in web interface /action/wirelessConnect: when WL_Enable is on, an authenticated HTTP POST can craft commands via parameters like ssid/ssid_hex, auth_mode, wpapsk/wpapsk_hex, encryp_type, key, and...