VAR-202210-1398
Vulnerability from variot - Updated: 2024-08-14 14:24Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the default_key_id HTTP parameter, as used within the /action/wirelessConnect handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 1.0,
"vendor": "goabode",
"version": "6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9z"
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": null
},
{
"model": "iota all-in-one security kit",
"scope": "eq",
"trust": 0.8,
"vendor": "abode",
"version": "abode iota all-in-one security kit firmware 6.9x"
},
{
"model": "iota all-in-one security kit",
"scope": null,
"trust": 0.8,
"vendor": "abode",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Matt Wiseman of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
}
],
"trust": 0.6
},
"cve": "CVE-2022-35887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-35887",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-35887",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-35887",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-35887",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-35887",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-35887",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1478",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. Abode Systems, Inc. of Abode iota All-In-One Security Kit A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Abode Iota is a solid DIY home security system from Abode Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35887"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "VULHUB",
"id": "VHN-432129"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35887",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1585",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432129",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432129"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"id": "VAR-202210-1398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432129"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:28.960000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.0
},
{
"problemtype": "Format string problem (CWE-134) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1585"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35887"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35887/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432129"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432129"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-432129"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"date": "2022-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"date": "2022-10-25T17:15:55.150000",
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-432129"
},
{
"date": "2023-10-27T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-019823"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1478"
},
{
"date": "2022-10-27T15:16:55.107000",
"db": "NVD",
"id": "CVE-2022-35887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abode\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0Abode\u00a0iota\u00a0All-In-One\u00a0Security\u00a0Kit\u00a0 Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1478"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…