Abode Systems Inc Iota All-In-One Security Kit vulnerabilities
38 known vulnerabilities affecting abode_systems_inc/iota_all-in-one_security_kit.
Total CVEs
38
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL24HIGH13MEDIUM1
Vulnerabilities
Page 1 of 2
CVE-2022-33192P2CRITICALCVSS 10.0v6.9Xv6.9Z2022-10-25
CVE-2022-33192 [CRITICAL] CWE-78 CVE-2022-33192: Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode System
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of th
nvd
CVE-2022-33194P2CRITICALCVSS 10.0v6.9Xv6.9Z2022-10-25
CVE-2022-33194 [CRITICAL] CWE-78 CVE-2022-33194: Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode System
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_Key` an
nvd
CVE-2022-33204P2CRITICALCVSS 9.9v6.9Xv6.9Z2022-10-25
CVE-2022-33204 [CRITICAL] CWE-78 CVE-2022-33204: Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functi
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerabilit
nvd
CVE-2022-33207P2CRITICALCVSS 9.9v6.9Xv6.9Z2022-10-25
CVE-2022-33207 [CRITICAL] CWE-78 CVE-2022-33207: Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functi
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerabilit
nvd
CVE-2022-33205P2CRITICALCVSS 9.9v6.9Xv6.9Z2022-10-25
CVE-2022-33205 [CRITICAL] CWE-78 CVE-2022-33205: Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functi
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerabilit
nvd
CVE-2022-33195P2CRITICALCVSS 10.0v6.9Xv6.9Z2022-10-25
CVE-2022-33195 [CRITICAL] CWE-78 CVE-2022-33195: Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode System
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_Default
nvd
CVE-2022-33193P2CRITICALCVSS 10.0v6.9Xv6.9Z2022-10-25
CVE-2022-33193 [CRITICAL] CWE-78 CVE-2022-33193: Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode System
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of th
nvd
CVE-2022-33206P2CRITICALCVSS 9.9v6.9Xv6.9Z2022-10-25
CVE-2022-33206 [CRITICAL] CWE-78 CVE-2022-33206: Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functi
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerabilit
nvd
CVE-2022-29472P2CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-29472 [CRITICAL] CWE-78 CVE-2022-29472: An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality
An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-32773P2CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-32773 [CRITICAL] CWE-78 CVE-2022-32773: An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc
An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-33189P2CRITICALCVSS 9.8v6.9Z2022-10-25
CVE-2022-33189 [CRITICAL] CWE-78 CVE-2022-33189: An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, In
An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-30541P2CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-30541 [CRITICAL] CWE-78 CVE-2022-30541: An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc
An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-29520P2CRITICALCVSS 9.8v6.9Z2022-10-25
CVE-2022-29520 [CRITICAL] CWE-489 CVE-2022-29520: An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Sy
An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.
nvd
CVE-2022-27804P2CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-27804 [CRITICAL] CWE-78 CVE-2022-27804: An os command injection vulnerability exists in the web interface util_set_abode_code functionality
An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-30603P2HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-30603 [HIGH] CWE-78 CVE-2022-30603: An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abo
An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-27805P2CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-27805 [CRITICAL] CWE-284 CVE-2022-27805: An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, I
An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-32586P2HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-32586 [HIGH] CWE-78 CVE-2022-32586: An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functional
An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-32454P2CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-32454 [CRITICAL] CWE-121 CVE-2022-32454: A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Syste
A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-29477P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-29477 [CRITICAL] CWE-798 CVE-2022-29477: An authentication bypass vulnerability exists in the web interface /action/factory* functionality of
An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-29889P3CRITICALCVSS 9.8v6.9Z2022-10-25
CVE-2022-29889 [CRITICAL] CWE-798 CVE-2022-29889: A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota A
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability.
nvd
1 / 2Next →