Iota All-in-one Security Kit Security Vulnerabilities and Issues — Iota All-in-one Security Kit CVE List

Lucene search

GoabodeIota All-in-one Security Kit

12 matches found

CVE•added 2022/10/25 5:15 p.m.•63 views

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a con...

9.8CVSS9.4AI score0.001EPSS

CVE•added 2022/10/25 5:15 p.m.•61 views

CVE-2022-35876

9.8CVSS9.4AI score0.001EPSS

CVE•added 2022/10/25 5:15 p.m.•50 views

CVE-2022-33938

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious ...

9.8CVSS9.1AI score0.00162EPSS

CVE•added 2022/10/25 5:15 p.m.•48 views

CVE-2022-32775

An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this v...

9CVSS9AI score0.0027EPSS

CVE•added 2022/10/25 5:15 p.m.•48 views

CVE-2022-35875

9.8CVSS9.4AI score0.001EPSS

CVE•added 2022/10/25 5:15 p.m.•43 views

CVE-2022-29520

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.

9.8CVSS9.7AI score0.00539EPSS

CVE•added 2022/10/25 5:15 p.m.•42 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to...

9.8CVSS9.2AI score0.00231EPSS

CVE•added 2022/10/25 5:15 p.m.•42 views

CVE-2022-35874

9.8CVSS9.4AI score0.001EPSS

CVE•added 2022/10/25 5:15 p.m.•41 views

CVE-2022-27804

An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulne...

9.8CVSS9.7AI score0.00427EPSS

CVE•added 2022/10/25 5:15 p.m.•41 views

CVE-2022-29477

An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.

9.8CVSS9.5AI score0.0005EPSS

CVE•added 2022/10/25 5:15 p.m.•41 views

CVE-2022-29889

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability.

9.8CVSS9.7AI score0.0027EPSS

CVE•added 2022/10/25 5:15 p.m.•39 views

CVE-2022-27805

An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability.

9.8CVSS9.6AI score0.00171EPSS