Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-29520

Опубликовано: 25 окт. 2022
Источник: nvd
CVSS3: 8.1
CVSS3: 9.8
EPSS Низкий

Описание

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*
cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.0118
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-489
CWE-78

Связанные уязвимости

github логотип

GHSA-wr7x-h4gm-xv5v

CVSS3: 9.8
github
больше 3 лет назад

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.

EPSS

Процентиль: 78%
0.0118
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-489
CWE-78