Lucene search
+L

169 matches found

CVE
CVE
added 2022/10/25 4:34 p.m.58 views

CVE-2022-35244

CVE-2022-35244 : A format string injection vulnerability affects Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z) in the XCMD getVarHA function. The issue can cause memory corruption, information disclosure, and denial of service when a specially crafted XML payload is processe...

9.8CVSS9.2AI score0.01261EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.9 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

8.2CVSS9.1AI score0.00898EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.64 views

CVE-2022-33938

The CVE-2022-33938 entry concerns Abode Systems iota All-In-One Security Kit, affected in versions 6.9Z and 6.9X. The concrete issue is a format-string injection in the ghome_process_control_packet function, triggered by a crafted XML payload sent to the device, which can cause memory corruption,...

9.8CVSS9.1AI score0.00898EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:33 p.m.53 views

CVE-2022-33206

CVE-2022-33206 affects Abode iota All-In-One Security Kit firmware 6.9X/6.9Z. The vulnerability lies in web interface /action/wirelessConnect: when WL_Enable is on, an authenticated HTTP POST can craft commands via parameters like ssid/ssid_hex, auth_mode, wpapsk/wpapsk_hex, encryp_type, key, and...

10CVSS9.8AI score0.04183EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.6 views

CVE-2022-33204

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

10CVSS9.9AI score0.04222EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.57 views

CVE-2022-33204

The primary CVE, CVE-2022-33204, affects Abode Systems iota All-In-One Security Kit (firmware 6.9X/6.9Z). Affected component: web interface /action/wirelessConnect. Root cause: if the HTTP POST supplies ssid_hex, an authenticated attacker can inject commands without neutralization, executing as r...

10CVSS9.9AI score0.04222EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 4:33 p.m.27 views

CVE-2022-33195

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS10AI score0.03244EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.9 views

CVE-2022-33195

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS10AI score0.03244EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.60 views

CVE-2022-33195

CVE-2022-33195 maps to OS command injection vulnerabilities in Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z). The vulnerability stem(s) from the XCMD testWifiAP flow: wireless config is fetched and fed into do_test_wifiap, which builds and executes OS commands without proper san...

10CVSS10AI score0.03244EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.8 views

CVE-2022-33194

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS10AI score0.03073EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.57 views

CVE-2022-33194

CVE-2022-33194 affects Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z). The vulnerability lies in testWifiAP handling of WiFi config values: WL_Key and WL_DefaultKeyID are injected directly into OS commands (popen) without sanitization, via do_test_wifiap when WL_AuthMode is SHARE...

10CVSS10AI score0.03073EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 4:33 p.m.31 views

CVE-2022-33192

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS10AI score0.03244EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.65 views

CVE-2022-33192

CVE-2022-33192 is an OS command injection in Abode iota All-In-One Security Kit 6.9X/6.9Z exposed via the testWifiAP XCMD. The vulnerability stems from do_test_wifiap using unsanitized wifi config values (WL_SSID or WL_SSID_HEX) in OS commands constructed and executed with popen, after fetch_wifi...

10CVSS10AI score0.03244EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.12 views

CVE-2022-33189

An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...

10CVSS7.8AI score0.03244EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.49 views

CVE-2022-33189

CVE-2022-33189 : In Abode Systems iota All-In-One Security Kit 6.9Z, the XCMD “setAlexa” accepts an XML payload containing regCode, which can be exploited to trigger a DNS discovery process via /bct/sbin/dns-sd and execute arbitrary commands. Talos details show an exploit chain: craft XCMD to set...

10CVSS9.7AI score0.03244EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 4:33 p.m.40 views

CVE-2022-32773

An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...

10CVSS9.9AI score0.03244EPSS
Exploits1References1
CVE
CVE
added 2022/10/25 4:33 p.m.55 views

CVE-2022-32760

Affected product: Abode Systems iota All-In-One Security Kit (versions 6.9X–6.9Z). Vulnerability vector: XCMD doDebug function accepts a crafted XML payload via XMPP; specifically the parameter triggers a fault. Root cause: doDebug parses crash and writes to address 0x0, crashing the /root/hpgw ...

8.6CVSS7.3AI score0.00879EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:33 p.m.59 views

CVE-2022-32586

Abode Systems iota All-In-One Security Kit (versions 6.9X and 6.9Z) contains an OS command injection vulnerability in the web interface endpoint /action/ipcamRecordPost. The TALOS-2022-1563 write-up confirms that an authenticated HTTP request can trigger arbitrary command execution by parsing POS...

8.8CVSS9.2AI score0.03787EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/25 4:33 p.m.72 views

CVE-2022-32574

The CVE-2022-32574 entry relates to Abode Systems iota All-In-One Security Kit (versions 6.9X/6.9Z) and is triggered via the web interface POST /action/ipcamSetParamPost. Talos details confirm a double-free vulnerability in the handling of a POST payload, where an attacker-controlled size paramet...

7.5CVSS7AI score0.01487EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 4:33 p.m.7 views

CVE-2022-32454

A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability...

10CVSS9.9AI score0.01559EPSS
Exploits1References1
Rows per page
Query Builder