CVE-2022-29520
published 2022-10-25CVE-2022-29520: An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.80%
84.7th percentile
An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abode_systems_inc | iota_all-in-one_security_kit | — | — |
| goabode | iota_all-in-one_security_kit_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
blogs_talos·2022-10-20·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
## Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
Matt Wiseman of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered several vulnerabilities in the Abode Systems iota All-In-One Security Kit. This kit includes a main security camera and hub that can alert users of unwanted movement in their homes. It also includes several motion sensors that can be attached to windows and doors.
The devices communicate with the user via a website or app on their mobile device and can connect to smart hubs like Google Home, Amazon Alexa and Apple Homekit.
The vulnerabilities Talos discovered could lead to a variety of conditions, including providing attackers with the ability to chang
Talos
Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
blogs_talos·2022-10-20·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
Matt Wiseman of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered several vulnerabilities in the Abode Systems iota All-In-One Security Kit. This kit includes a main security camera and hub that can alert users of unwanted movement in their homes. It also includes several motion sensors that can be attached to windows and doors.
The devices communicate with the user via a website or app on their mobile device and can connect to smart hubs like Google Home, Amazon Alexa and Apple Homekit.
The vulnerabilities Talos discovered could lead to a variety of conditions, including providing attackers with the ability to change users’ login passwords, inject code onto the device, manipulate sensitive device configurations, and cause the system to shut down.
The device
2022-10-25
Published