cbcvebase.

Abode Systems Inc Iota All-In-One Security Kit vulnerabilities

38 known vulnerabilities affecting abode_systems_inc/iota_all-in-one_security_kit.

Total CVEs
38
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL24HIGH13MEDIUM1

Vulnerabilities

Page 2 of 2
CVE-2022-35244P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-35244 [CRITICAL] CWE-134 CVE-2022-35244: A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-33938P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-33938 [CRITICAL] CWE-134 CVE-2022-33938: A format string injection vulnerability exists in the ghome_process_control_packet functionality of A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-35876P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-35876 [CRITICAL] CWE-134 CVE-2022-35876: Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Sys Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigg
nvd
CVE-2022-32775P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-32775 [HIGH] CWE-190 CVE-2022-32775: An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-35877P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-35877 [CRITICAL] CWE-134 CVE-2022-35877: Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Sys Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigg
nvd
CVE-2022-35875P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-35875 [CRITICAL] CWE-134 CVE-2022-35875: Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Sys Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigg
nvd
CVE-2022-35887P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35887 [HIGH] CWE-134 CVE-2022-35887: Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect func Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger thes
nvd
CVE-2022-35884P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35884 [HIGH] CWE-134 CVE-2022-35884: Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect func Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger thes
nvd
CVE-2022-35886P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35886 [HIGH] CWE-134 CVE-2022-35886: Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect func Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger thes
nvd
CVE-2022-35885P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35885 [HIGH] CWE-134 CVE-2022-35885: Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect func Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger thes
nvd
CVE-2022-35874P3CRITICALCVSS 9.8v6.9Xv6.9Z2022-10-25
CVE-2022-35874 [CRITICAL] CWE-134 CVE-2022-35874: Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Sys Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigg
nvd
CVE-2022-35878P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35878 [HIGH] CWE-134 CVE-2022-35878: Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode System Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vu
nvd
CVE-2022-35879P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35879 [HIGH] CWE-134 CVE-2022-35879: Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode System Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vu
nvd
CVE-2022-35880P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35880 [HIGH] CWE-134 CVE-2022-35880: Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode System Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vu
nvd
CVE-2022-35881P3HIGHCVSS 8.8v6.9Xv6.9Z2022-10-25
CVE-2022-35881 [HIGH] CWE-134 CVE-2022-35881: Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode System Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vu
nvd
CVE-2022-29475P3HIGHCVSS 8.1v6.9Xv6.9Z2022-10-25
CVE-2022-29475 [HIGH] CWE-294 CVE-2022-29475: An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. i An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
CVE-2022-32760P3HIGHCVSS 7.5v6.9Xv6.9Z2022-10-25
CVE-2022-32760 [HIGH] CWE-489 CVE-2022-32760: A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. io A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
nvd
CVE-2022-32574P3MEDIUMCVSS 6.5v6.9Xv6.9Z2022-10-25
CVE-2022-32574 [MEDIUM] CWE-415 CVE-2022-32574: A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of A A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
Abode Systems Inc Iota All-In-One Security Kit vulnerabilities | cvebase