Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-35244

Опубликовано: 25 окт. 2022
Источник: nvd
CVSS3: 9.8
CVSS3: 9.8
EPSS Низкий

Описание

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*
cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*
cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.0065
Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-134
CWE-134

Связанные уязвимости

github логотип

GHSA-pf44-6c4p-6mp7

CVSS3: 9.8
github
больше 3 лет назад

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.

EPSS

Процентиль: 70%
0.0065
Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-134
CWE-134