
29 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-36249

Malicious code in bioql PyPI...

10 CVSS | 9.2 AI score | 0.04719 EPSS
Exploits: 1 | References: 1

NVD
added 2022/10/25 5:15 p.m. | 10 views

CVE-2022-33204

Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

10 CVSS | 0.04719 EPSS
Exploits: 1 | References: 1

NVD
added 2022/10/25 5:15 p.m. | 14 views

CVE-2022-33192

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...

10 CVSS | 0.03573 EPSS
Exploits: 1 | References: 1

OSV
added 2022/10/25 5:15 p.m. | 2 views

CVE-2022-29520

An OS command injection vulnerability exists in the consolemainloop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability...

9.8 CVSS | 5.9 AI score | 0.01448 EPSS
Exploits: 1 | References: 1

NVD
added 2022/10/25 5:15 p.m. | 8 views

CVE-2022-29477

An authentication bypass vulnerability exists in the web interface /action/factory functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability...

9.8 CVSS | 0.00286 EPSS
Exploits: 1 | References: 1

Prion
added 2022/10/25 5:15 p.m. | 9 views

Hardcoded credentials

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability...

7.5 CVSS | 9.7 AI score | 0.01125 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/10/25 5:15 p.m. | 9 views

Command injection

Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

6.5 CVSS | 9.9 AI score | 0.04719 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/10/25 4:34 p.m. | 12 views

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.2 CVSS | 8.9 AI score | 0.01573 EPSS
Exploits: 1 | References: 1

Cvelist
added 2022/10/25 4:34 p.m. | 13 views

CVE-2022-35884

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.2 CVSS | 8.9 AI score | 0.01573 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2022/10/25 4:34 p.m. | 5 views

CVE-2022-35875

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

8.2 CVSS | 9.5 AI score | 0.00504 EPSS
Exploits: 1 | References: 1

CVE
added 2022/10/25 4:34 p.m. | 54 views

CVE-2022-35874

The CVE-2022-35874 vulnerability affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z). It consists of four format string injection flaws in the XCMD testWifiAP handler, originating from ssid and ssid_hex configuration parameters, leading to memory corruption, information di...

9.8 CVSS | 9.4 AI score | 0.00504 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/10/25 4:34 p.m. | 14 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8 CVSS | 9.6 AI score | 0.00686 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2022/10/25 4:33 p.m. | 7 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

8.2 CVSS | 9.1 AI score | 0.0021 EPSS
Exploits: 1 | References: 1

CVE
added 2022/10/25 4:33 p.m. | 48 views

CVE-2022-33206

CVE-2022-33206 affects Abode iota All-In-One Security Kit firmware 6.9X/6.9Z. The vulnerability lies in web interface /action/wirelessConnect: when WL_Enable is on, an authenticated HTTP POST can craft commands via parameters like ssid/ssid_hex, auth_mode, wpapsk/wpapsk_hex, encryp_type, key, and...

10 CVSS | 9.8 AI score | 0.04719 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/10/25 4:33 p.m. | 55 views

CVE-2022-33195

CVE-2022-33195 maps to OS command injection vulnerabilities in Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z). The vulnerability stems from the XCMD testWifiAP flow: wireless config is fetched and fed into do_test_wifiap, which builds and executes OS commands without proper san...

10 CVSS | 10 AI score | 0.04775 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/10/25 4:33 p.m. | 7 views

CVE-2022-33195

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...

10 CVSS | 10 AI score | 0.04775 EPSS
Exploits: 1 | References: 1

CVE
added 2022/10/25 4:33 p.m. | 48 views

CVE-2022-33194

CVE-2022-33194 affects Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z). The vulnerability lies in testWifiAP handling of WiFi config values: WL_Key and WL_DefaultKeyID are injected directly into OS commands (popen) without sanitization, via do_test_wifiap when WL_AuthMode is SHARE...

10 CVSS | 10 AI score | 0.03573 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/10/25 4:33 p.m. | 59 views

CVE-2022-33192

CVE-2022-33192 is an OS command injection in Abode iota All-In-One Security Kit 6.9X/6.9Z exposed via the testWifiAP XCMD. The vulnerability stems from do_test_wifiap using unsanitized wifi config values (WL_SSID or WL_SSID_HEX) in OS commands constructed and executed with popen, after fetch_wifi...

10 CVSS | 10 AI score | 0.03573 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/10/25 4:33 p.m. | 13 views

CVE-2022-33192

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...

10 CVSS | 10 AI score | 0.03573 EPSS
Exploits: 1 | References: 1

CVE
added 2022/10/25 4:33 p.m. | 44 views

CVE-2022-33189

CVE-2022-33189: In Abode Systems iota All-In-One Security Kit 6.9Z, the XCMD “setAlexa” accepts an XML payload containing regCode, which can be exploited to trigger a DNS discovery process via /bct/sbin/dns-sd and execute arbitrary commands. Talos details show an exploit chain: craft XCMD to set...

10 CVSS | 9.7 AI score | 0.01314 EPSS
Exploits: 1 | References: 1 | Affected Software: 1