CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-35885

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.7%

CVSS Severity

CVSS v3 Score 8.2

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585

Products affected by CVE-2022-35885

Goabode » Iota All-In-One Security Kit Firmware » Version: 6.9x

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x
Goabode » Iota All-In-One Security Kit Firmware » Version: 6.9z

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-35885

Products

Pricing

Contact Us