Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP format string injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1581 Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35877,CVE-2022-35874,CVE-2022-35875,CVE-2022-35876 SUMMARY Four format string injection vulnerabilities exist in...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1563 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-32586 SUMMARY An OS command injection vulnerability exists in the web interface...
Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug OS Command Injection vulnerability
Talos Vulnerability Report TALOS-2022-1556 Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug OS Command Injection vulnerability October 20, 2022 CVE Number CVE-2022-32773 SUMMARY An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect format string injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1585 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35885,CVE-2022-35886,CVE-2022-35884,CVE-2022-35887 SUMMARY Four format string injection...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/factory* authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1554 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/factory* authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-29477 SUMMARY An authentication bypass vulnerability exists in the web interface /action/factory...
Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1555 Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug denial of service vulnerability October 20, 2022 CVE Number CVE-2022-32760 SUMMARY A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1564 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability October 20, 2022 CVE Number CVE-2022-32775 SUMMARY An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1566 Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29472 SUMMARY An OS command injection vulnerability exists in the web interface util_set_serial_mac...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1568 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect OS command injection vulnerabilities October 20, 2022 CVE Number CVE-2022-33205,CVE-2022-33204,CVE-2022-33206,CVE-2022-33207 SUMMARY Four OS command injection...
Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1552 Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-27805 SUMMARY An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc...
Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1583 Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35879,CVE-2022-35878,CVE-2022-35881,CVE-2022-35880 SUMMARY Four format string injection vulnerabilities exist in th...
Abode Systems, Inc. iota All-In-One Security Kit XCMD setUPnP OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1557 Abode Systems, Inc. iota All-In-One Security Kit XCMD setUPnP OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-30541 SUMMARY An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability
Talos Vulnerability Report TALOS-2022-1565 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability October 20, 2022 CVE Number CVE-2022-32574 SUMMARY A double-free vulnerability exists in the web interface /action/ipcamSetParamPost...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1562 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-30603 SUMMARY An OS command injection vulnerability exists in the web interface /action/iperf functionali...
Abode Systems, Inc. iota All-In-One Security Kit telnet hard-coded password vulnerability
Talos Vulnerability Report TALOS-2022-1569 Abode Systems, Inc. iota All-In-One Security Kit telnet hard-coded password vulnerability October 20, 2022 CVE Number CVE-2022-29889 SUMMARY A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One...
Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1559 Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP OS command injection vulnerabilities October 20, 2022 CVE Number CVE-2022-33194,CVE-2022-33195,CVE-2022-33193,CVE-2022-33192 SUMMARY Four OS command injection vulnerabilities exist in the...
Abode Systems, Inc. iota All-In-One Security Kit console_main_loop :sys OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1561 Abode Systems, Inc. iota All-In-One Security Kit console_main_loop :sys OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29520 SUMMARY An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode...
Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability
Talos Vulnerability Report TALOS-2022-1584 Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability October 20, 2022 CVE Number CVE-2022-33938 SUMMARY A format string injection vulnerability exists in the ghome_process_control_packet...
Abode Systems, Inc. iota All-In-One Security Kit XCMD setIPCam stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1560 Abode Systems, Inc. iota All-In-One Security Kit XCMD setIPCam stack-based buffer overflow vulnerability October 20, 2022 CVE Number CVE-2022-32454 SUMMARY A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_abode_code OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1567 Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_abode_code OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-27804 SUMMARY An OS command injection vulnerability exists in the web interface util_set_abode_code...
Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1553 Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability October 20, 2022 CVE Number CVE-2022-29475 SUMMARY An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota...
Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1582 Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability October 20, 2022 CVE Number CVE-2022-35244 SUMMARY A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iot...
Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1558 Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-33189 SUMMARY An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. io...
Robustel R1510 web_server hashFirst denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1575 Robustel R1510 web_server hashFirst denial of service vulnerability October 14, 2022 CVE Number...
Robustel R1510 sysupgrade command injection OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1576 Robustel R1510 sysupgrade command injection OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-32765 SUMMARY An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and...
Robustel R1510 sysupgrade firmware update vulnerability
Talos Vulnerability Report TALOS-2022-1580 Robustel R1510 sysupgrade firmware update vulnerability October 14, 2022 CVE Number CVE-2022-34845 SUMMARY A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can...
Robustel R1510 web_server /ajax/remove/ directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1579 Robustel R1510 web_server /ajax/remove/ directory traversal vulnerability October 14, 2022 CVE Number CVE-2022-33897 SUMMARY A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A...
Robustel R1510 js_package install OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1577 Robustel R1510 js_package install OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-33150 SUMMARY An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted netwo...
Robustel R1510 web_server /action/import_authorized_keys/ OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1578 Robustel R1510 web_server /action/import_authorized_keys/ OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-34850 SUMMARY An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of...
VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability
Talos Vulnerability Report TALOS-2022-1587 VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability October 10, 2022 CVE Number CVE-2022-31680 SUMMARY An unsafe deserialization vulnerability exists in the Platform Services Controller functionality of VMware vCenter...
Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability
Talos Vulnerability Report TALOS-2022-1574 Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability October 4, 2022 CVE Number CVE-2022-33896 SUMMARY A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A...
uClibC and uClibC-ng libpthread linuxthreads memory corruption vulnerabilities
Talos Vulnerability Report TALOS-2022-1517 uClibC and uClibC-ng libpthread linuxthreads memory corruption vulnerabilities September 22, 2022 CVE Number CVE-2022-29503 SUMMARY A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng...
Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1497 Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability August 17, 2022 CVE Number CVE-2022-35821 SUMMARY An out-of-bounds read vulnerability exists in the /proc/fdt mmap operation functionality of Microsoft Azure Sphere 22.02. A...
WWBN AVideo all cross-site request forgery (csrf) vulnerability
Talos Vulnerability Report TALOS-2022-1534 WWBN AVideo all cross-site request forgery (csrf) vulnerability August 16, 2022 CVE Number CVE-2022-29468 SUMMARY A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request ca...
WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1546 WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-30534 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit...
WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting (XSS) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1486 HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability August 16, 2022 CVE Number CVE-2022-25942 SUMMARY An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to cod...
Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1514 Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40732 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver...
HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1487 HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability August 16, 2022 CVE Number CVE-2022-26061 SUMMARY A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file...
WWBN AVideo password hash improper authentication vulnerability
Talos Vulnerability Report TALOS-2022-1545 WWBN AVideo password hash improper authentication vulnerability August 16, 2022 CVE Number CVE-2022-32282 SUMMARY An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a...
WWBN AVideo aVideoEncoder wget OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1548 WWBN AVideo aVideoEncoder wget OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-32572 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1485 HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability August 16, 2022 CVE Number CVE-2022-25972 SUMMARY An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to...
WWBN AVideo image403 cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1539 WWBN AVideo image403 cross-site scripting (XSS) vulnerability August 16, 2022 CVE Number CVE-2022-30690 SUMMARY A cross-site scripting (XSS) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1515 Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40733 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version...
WWBN AVideo aVideoEncoderReceiveImage information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1549 WWBN AVideo aVideoEncoderReceiveImage information disclosure vulnerability August 16, 2022 CVE Number CVE-2022-32761 SUMMARY An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master...
WWBN AVideo charts tab selection cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1537 WWBN AVideo charts tab selection cross-site scripting (XSS) vulnerability August 16, 2022 CVE Number CVE-2022-26842 SUMMARY A reflected cross-site scripting (XSS) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev mast...
WWBN AVideo session id privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1535 WWBN AVideo session id privilege escalation vulnerability August 16, 2022 CVE Number CVE-2022-30605 SUMMARY A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafte...
WWBN AVideo chunkFile information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1550 WWBN AVideo chunkFile information disclosure vulnerability August 16, 2022 CVE Number CVE-2022-28710 SUMMARY An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
WWBN AVideo footer alerts cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1538 WWBN AVideo footer alerts cross-site scripting (XSS) vulnerability August 16, 2022 CVE Number CVE-2022-32770,CVE-2022-32772,CVE-2022-32771 SUMMARY A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and de...
WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability August 16, 2022 CVE Number CVE-2022-30547 SUMMARY A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...