Search
Find a vulnerability
Search criteria
62 vulnerabilities by goabode
VAR-202210-1396
Vulnerability from variot - Updated: 2024-08-14 14:24Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the default_key_id and key HTTP parameters, as used within the /action/wirelessConnect handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35886",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35886",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35886",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35886",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35886",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35886",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35886",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1473",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35886"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"db": "VULHUB",
"id": "VHN-432128"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35886",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1585",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019824",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1473",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432128",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"id": "VAR-202210-1396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432128"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:29.009000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1585"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35886"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35886/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432128"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432128"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"date": "2022-10-25T17:15:55.080000",
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-432128"
},
{
"date": "2023-10-27T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-019824"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1473"
},
{
"date": "2022-10-27T15:18:06.890000",
"db": "NVD",
"id": "CVE-2022-35886"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019824"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1473"
}
],
"trust": 0.6
}
}
VAR-202210-1397
Vulnerability from variot - Updated: 2024-08-14 14:24Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the ssid_hex HTTP parameter, as used within the /action/wirelessConnect handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35884",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35884",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35884",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35884",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1476",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"db": "VULHUB",
"id": "VHN-432126"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35884",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1585",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019826",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1476",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432126",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"id": "VAR-202210-1397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432126"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:28.984000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1585"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35884"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35884/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432126"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"date": "2022-10-25T17:15:54.960000",
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-432126"
},
{
"date": "2023-10-27T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-019826"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1476"
},
{
"date": "2022-10-27T15:17:58.400000",
"db": "NVD",
"id": "CVE-2022-35884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019826"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1476"
}
],
"trust": 0.6
}
}
VAR-202210-1398
Vulnerability from variot - Updated: 2024-08-14 14:24Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the default_key_id HTTP parameter, as used within the /action/wirelessConnect handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35887",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35887",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35887",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35887",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35887",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35887",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1478",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35887"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "VULHUB",
"id": "VHN-432129"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35887",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1585",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432129",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432129"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"id": "VAR-202210-1398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432129"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:28.960000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1585"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35887"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35887/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432129"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432129"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432129"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"date": "2022-10-25T17:15:55.150000",
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-432129"
},
{
"date": "2023-10-27T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"date": "2022-10-27T15:16:55.107000",
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
}
],
"trust": 0.6
}
}
VAR-202210-1399
Vulnerability from variot - Updated: 2024-08-14 14:24Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the wpapsk_hex HTTP parameter, as used within the /action/wirelessConnect handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35885",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35885",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35885",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35885",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35885",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35885",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35885",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1471",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35885"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"db": "VULHUB",
"id": "VHN-432127"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35885",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1585",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019825",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1471",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432127",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"id": "VAR-202210-1399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432127"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:28.935000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1585"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35885"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35885/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432127"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432127"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"date": "2022-10-25T17:15:55.017000",
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-432127"
},
{
"date": "2023-10-27T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-019825"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1471"
},
{
"date": "2022-10-27T15:18:02.893000",
"db": "NVD",
"id": "CVE-2022-35885"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019825"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1471"
}
],
"trust": 0.6
}
}
VAR-202210-1506
Vulnerability from variot - Updated: 2024-08-14 14:10Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the default_key_id and key configuration parameters, as used within the testWifiAP XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"cve": "CVE-2022-35876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35876",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35876",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35876",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35876",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35876",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-35876",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2080",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"db": "VULHUB",
"id": "VHN-432122"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35876",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1581",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019024",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2080",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432122"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"id": "VAR-202210-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432122"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:31.092000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1581"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35876"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35876/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432122"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432122"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432122"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"date": "2022-10-25T17:15:54.623000",
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-432122"
},
{
"date": "2023-10-24T05:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-019024"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2080"
},
{
"date": "2022-10-28T01:28:30.133000",
"db": "NVD",
"id": "CVE-2022-35876"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019024"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2080"
}
],
"trust": 0.6
}
}
VAR-202210-1509
Vulnerability from variot - Updated: 2024-08-14 14:10Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the default_key_id configuration parameter, as used within the testWifiAP XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1509",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"cve": "CVE-2022-35877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35877",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35877",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35877",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35877",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35877",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-35877",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2079",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35877"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"db": "VULHUB",
"id": "VHN-432123"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35877",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1581",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019025",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2079",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432123",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432123"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"id": "VAR-202210-1509",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432123"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:31.068000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1581"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35877"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35877/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432123"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432123"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432123"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"date": "2022-10-25T17:15:54.680000",
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-432123"
},
{
"date": "2023-10-24T05:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-019025"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2079"
},
{
"date": "2022-10-28T01:28:27.337000",
"db": "NVD",
"id": "CVE-2022-35877"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019025"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2079"
}
],
"trust": 0.6
}
}
VAR-202210-1507
Vulnerability from variot - Updated: 2024-08-14 14:10Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the ssid and ssid_hex configuration parameters, as used within the testWifiAP XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"cve": "CVE-2022-35874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35874",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35874",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35874",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35874",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35874",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-35874",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2083",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35874"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"db": "VULHUB",
"id": "VHN-432120"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35874",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1581",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019022",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2083",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432120",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432120"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"id": "VAR-202210-1507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432120"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:31.044000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1581"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35874"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35874/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432120"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432120"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432120"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"date": "2022-10-25T17:15:54.510000",
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-432120"
},
{
"date": "2023-10-24T05:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-019022"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2083"
},
{
"date": "2022-10-28T01:28:33.887000",
"db": "NVD",
"id": "CVE-2022-35874"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019022"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2083"
}
],
"trust": 0.6
}
}
VAR-202210-1508
Vulnerability from variot - Updated: 2024-08-14 14:10Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the wpapsk configuration parameter, as used within the testWifiAP XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"cve": "CVE-2022-35875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35875",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35875",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35875",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35875",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-35875",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2081",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35875"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"db": "VULHUB",
"id": "VHN-432121"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35875",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1581",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019023",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2081",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432121",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432121"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"id": "VAR-202210-1508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432121"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:31.020000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1581"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35875"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35875/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432121"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432121"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432121"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"date": "2022-10-25T17:15:54.567000",
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-432121"
},
{
"date": "2023-10-24T05:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-019023"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2081"
},
{
"date": "2022-10-28T01:28:31.967000",
"db": "NVD",
"id": "CVE-2022-35875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2081"
}
],
"trust": 0.6
}
}
VAR-202210-1548
Vulnerability from variot - Updated: 2024-08-14 14:10Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the WL_WPAPSK configuration value in the function located at offset 0x1c7d28 of firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"cve": "CVE-2022-33193",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33193",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33193",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33193",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33193",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33193",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2093",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"db": "VULHUB",
"id": "VHN-425332"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33193",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1559",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019864",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2093",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425332",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425332"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"id": "VAR-202210-1548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425332"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:30.995000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212114"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425332"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1559"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33193"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33193/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425332"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425332"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425332"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"date": "2022-10-25T17:15:52.967000",
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-425332"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019864"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2093"
},
{
"date": "2022-10-26T18:52:58.227000",
"db": "NVD",
"id": "CVE-2022-33193"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019864"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2093"
}
],
"trust": 0.6
}
}
VAR-202210-1546
Vulnerability from variot - Updated: 2024-08-14 14:10Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the WL_Key and WL_DefaultKeyID configuration values in the function located at offset 0x1c7d28 of firmware 6.9Z , and even more specifically on the command execution occuring at offset 0x1c7f6c. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1546",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"cve": "CVE-2022-33194",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33194",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33194",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33194",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33194",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33194",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2092",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z , and even more specifically on the command execution occuring at offset `0x1c7f6c`. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33194"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"db": "VULHUB",
"id": "VHN-425333"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33194",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1559",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019863",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2092",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425333",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425333"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"id": "VAR-202210-1546",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425333"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:30.971000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212113"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425333"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1559"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33194"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33194/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425333"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425333"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425333"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"date": "2022-10-25T17:15:53.030000",
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-425333"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019863"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2092"
},
{
"date": "2022-10-26T18:52:46.840000",
"db": "NVD",
"id": "CVE-2022-33194"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2092"
}
],
"trust": 0.6
}
}
VAR-202210-1549
Vulnerability from variot - Updated: 2024-08-14 14:10Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the WL_SSID and WL_SSID_HEX configuration values in the function at offset 0x1c7d28 of firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1549",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"cve": "CVE-2022-33192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33192",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33192",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33192",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33192",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33192",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2091",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33192"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"db": "VULHUB",
"id": "VHN-425331"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33192",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1559",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019865",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2091",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425331",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425331"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"id": "VAR-202210-1549",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425331"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:30.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212112"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425331"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1559"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33192"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33192/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425331"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425331"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425331"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"date": "2022-10-25T17:15:52.907000",
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-425331"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019865"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2091"
},
{
"date": "2022-10-26T18:52:18.230000",
"db": "NVD",
"id": "CVE-2022-33192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2091"
}
],
"trust": 0.6
}
}
VAR-202210-1547
Vulnerability from variot - Updated: 2024-08-14 14:10Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the WL_DefaultKeyID in the function located at offset 0x1c7d28 of firmware 6.9Z, and even more specifically on the command execution occuring at offset 0x1c7fac. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1547",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"cve": "CVE-2022-33195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33195",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33195",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33195",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33195",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33195",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2094",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occuring at offset `0x1c7fac`. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation. An attacker can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33195"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"db": "VULHUB",
"id": "VHN-425334"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33195",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1559",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019862",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2094",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425334",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425334"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"id": "VAR-202210-1547",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425334"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:10:30.920000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212115"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425334"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1559"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33195"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33195/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425334"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425334"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425334"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"date": "2022-10-25T17:15:53.087000",
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-425334"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019862"
},
{
"date": "2022-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2094"
},
{
"date": "2022-10-26T18:52:51.797000",
"db": "NVD",
"id": "CVE-2022-33195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2094"
}
],
"trust": 0.6
}
}
VAR-202210-1393
Vulnerability from variot - Updated: 2024-08-14 14:02Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via controlURL XML tag, as used within the DoUpdateUPnPbyService action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35879",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35879",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35879",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35879",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35879",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35879",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35879",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1487",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35879"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"db": "VULHUB",
"id": "VHN-429597"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35879",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1583",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019829",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1487",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-429597",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429597"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"id": "VAR-202210-1393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429597"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:18.907000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1583"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35879"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35879/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429597"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429597"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-429597"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"date": "2022-10-25T17:15:54.793000",
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-429597"
},
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019829"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1487"
},
{
"date": "2022-10-27T15:58:40.377000",
"db": "NVD",
"id": "CVE-2022-35879"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019829"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1487"
}
],
"trust": 0.6
}
}
VAR-202210-1391
Vulnerability from variot - Updated: 2024-08-14 14:02Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via errorCode and errorDescription XML tags, as used within the DoUpdateUPnPbyService action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35881",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35881",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35881",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35881",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35881",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35881",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35881",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1494",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35881"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"db": "VULHUB",
"id": "VHN-429590"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35881",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1583",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019827",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1494",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-429590",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429590"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"id": "VAR-202210-1391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429590"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:18.882000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1583"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35881"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35881/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429590"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429590"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-429590"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"date": "2022-10-25T17:15:54.903000",
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-429590"
},
{
"date": "2023-10-27T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-019827"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1494"
},
{
"date": "2022-10-27T15:58:49.897000",
"db": "NVD",
"id": "CVE-2022-35881"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019827"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1494"
}
],
"trust": 0.6
}
}
VAR-202210-1392
Vulnerability from variot - Updated: 2024-08-14 14:02Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via NewInternalClient XML tag, as used within the DoUpdateUPnPbyService action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35880",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35880",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35880",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35880",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35880",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35880",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35880",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1491",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35880"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"db": "VULHUB",
"id": "VHN-429593"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35880",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1583",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019828",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1491",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-429593",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429593"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"id": "VAR-202210-1392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429593"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:18.856000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1583"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35880"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35880/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429593"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429593"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-429593"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"date": "2022-10-25T17:15:54.847000",
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-429593"
},
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019828"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1491"
},
{
"date": "2022-10-27T15:58:45.447000",
"db": "NVD",
"id": "CVE-2022-35880"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019828"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1491"
}
],
"trust": 0.6
}
}
VAR-202210-1390
Vulnerability from variot - Updated: 2024-08-14 14:02Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via ST and Location HTTP response headers, as used within the DoEnumUPnPService action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1390",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35878",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35878",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35878",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35878",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1488",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35878"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"db": "VULHUB",
"id": "VHN-429596"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35878",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1583",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019830",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1488",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-429596",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429596"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"id": "VAR-202210-1390",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429596"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:15.409000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1583"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35878"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35878/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429596"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429596"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-429596"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"date": "2022-10-25T17:15:54.737000",
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-429596"
},
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019830"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1488"
},
{
"date": "2022-10-27T15:58:32.627000",
"db": "NVD",
"id": "CVE-2022-35878"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019830"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1488"
}
],
"trust": 0.6
}
}
VAR-202210-1578
Vulnerability from variot - Updated: 2024-08-14 13:21Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on a second unsafe use of the default_key_id HTTP parameter to construct an OS Command at offset 0x19B234 of the /root/hpgw binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1578",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"cve": "CVE-2022-33207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33207",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2022-33207",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.9,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33207",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33207",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33207",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33207",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2087",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"db": "VULHUB",
"id": "VHN-425338"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33207",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1568",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019858",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2087",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425338",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"id": "VAR-202210-1578",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425338"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:21:35.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212216"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1568"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33207"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33207/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425338"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"date": "2022-10-25T17:15:53.320000",
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-425338"
},
{
"date": "2023-10-27T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-019858"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2087"
},
{
"date": "2022-10-27T13:23:53.917000",
"db": "NVD",
"id": "CVE-2022-33207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019858"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2087"
}
],
"trust": 0.6
}
}
VAR-202210-1576
Vulnerability from variot - Updated: 2024-08-14 13:21Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the wpapsk_hex HTTP parameter to construct an OS Command at offset 0x19b0ac of the /root/hpgw binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1576",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"cve": "CVE-2022-33205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33205",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2022-33205",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.9,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33205",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33205",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33205",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33205",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2089",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"db": "VULHUB",
"id": "VHN-425336"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33205",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1568",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019860",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2089",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425336",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425336"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"id": "VAR-202210-1576",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425336"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:21:35.372000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212218"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425336"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1568"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33205"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33205/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425336"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425336"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425336"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"date": "2022-10-25T17:15:53.207000",
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-425336"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019860"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2089"
},
{
"date": "2022-10-27T13:24:18.577000",
"db": "NVD",
"id": "CVE-2022-33205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019860"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2089"
}
],
"trust": 0.6
}
}
VAR-202210-1577
Vulnerability from variot - Updated: 2024-08-14 13:21Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the ssid_hex HTTP parameter to construct an OS Command at offset 0x19afc0 of the /root/hpgw binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1577",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"cve": "CVE-2022-33204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33204",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2022-33204",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.9,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33204",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33204",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33204",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33204",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2090",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"db": "VULHUB",
"id": "VHN-425335"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33204",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1568",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019861",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2090",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425335",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425335"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"id": "VAR-202210-1577",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425335"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:21:35.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212219"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425335"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1568"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33204"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33204/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425335"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425335"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425335"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"date": "2022-10-25T17:15:53.147000",
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-425335"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019861"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2090"
},
{
"date": "2022-10-27T13:24:31.113000",
"db": "NVD",
"id": "CVE-2022-33204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019861"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2090"
}
],
"trust": 0.6
}
}
VAR-202210-1575
Vulnerability from variot - Updated: 2024-08-14 13:21Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the key and default_key_id HTTP parameters to construct an OS Command crafted at offset 0x19b1f4 of the /root/hpgw binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1575",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"cve": "CVE-2022-33206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-33206",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2022-33206",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.9,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33206",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-33206",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33206",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-33206",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2088",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. Abode Systems, Inc. of Abode iota All-In-One Security Kit The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"db": "VULHUB",
"id": "VHN-425337"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33206",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1568",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019859",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2088",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-425337",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425337"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"id": "VAR-202210-1575",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425337"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:21:35.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Abode Iota Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212217"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425337"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1568"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33206"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33206/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425337"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425337"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-425337"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"date": "2022-10-25T17:15:53.263000",
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-425337"
},
{
"date": "2023-10-27T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-019859"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2088"
},
{
"date": "2022-10-27T13:24:05.180000",
"db": "NVD",
"id": "CVE-2022-33206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2088"
}
],
"trust": 0.6
}
}
CVE-2022-35887 (GCVE-0-2022-35887)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:41
VLAI
Summary
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35887",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:17:48.455835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:41:27.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T22:11:40.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35887",
"datePublished": "2022-10-25T16:34:24.333Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:41:27.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35886 (GCVE-0-2022-35886)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:41
VLAI
Summary
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35886",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:17:51.830989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:41:35.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T22:11:40.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35886",
"datePublished": "2022-10-25T16:34:23.373Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:41:35.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35885 (GCVE-0-2022-35885)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:41
VLAI
Summary
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35885",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:17:55.252840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:41:46.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T22:11:40.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35885",
"datePublished": "2022-10-25T16:34:22.339Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:41:46.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35884 (GCVE-0-2022-35884)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:41
VLAI
Summary
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:17:59.157749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:41:57.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T22:11:40.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35884",
"datePublished": "2022-10-25T16:34:21.353Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:41:57.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35881 (GCVE-0-2022-35881)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:42
VLAI
Summary
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
Date Public
2022-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35881",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:36.689362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:42:12.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"datePublic": "2022-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35881",
"datePublished": "2022-10-25T16:34:20.328Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:42:12.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35880 (GCVE-0-2022-35880)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:42
VLAI
Summary
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
Date Public
2022-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35880",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:39.935579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:42:26.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"datePublic": "2022-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35880",
"datePublished": "2022-10-25T16:34:19.367Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:42:26.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35879 (GCVE-0-2022-35879)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:42
VLAI
Summary
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
Date Public
2022-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35879",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:43.151664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:42:35.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"datePublic": "2022-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35879",
"datePublished": "2022-10-25T16:34:18.345Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:42:35.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35878 (GCVE-0-2022-35878)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:42
VLAI
Summary
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
Date Public
2022-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:16:46.391540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:42:48.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"datePublic": "2022-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35878",
"datePublished": "2022-10-25T16:34:17.358Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:42:48.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35877 (GCVE-0-2022-35877)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:42
VLAI
Summary
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35877",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:18:03.743608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:42:57.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T22:11:40.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35877",
"datePublished": "2022-10-25T16:34:16.353Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:42:57.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35876 (GCVE-0-2022-35876)
Vulnerability from nvd – Published: 2022-10-25 16:34 – Updated: 2025-04-15 18:43
VLAI
Summary
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abode systems, inc. | iota All-In-One Security Kit |
Affected:
6.9X
Affected: 6.9Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35876",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:18:08.508638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:43:08.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iota All-In-One Security Kit",
"vendor": "abode systems, inc.",
"versions": [
{
"status": "affected",
"version": "6.9X"
},
{
"status": "affected",
"version": "6.9Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T22:11:40.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-35876",
"datePublished": "2022-10-25T16:34:15.364Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:43:08.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}