CVE-2022-35877

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 9.8

EPSS Низкий

Описание

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the default_key_id configuration parameter, as used within the testWifiAP XCMD handler

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581
Exploit
Technical Description
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00478

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-134

Связанные уязвимости

GHSA-9x5r-j6v5-h93r

CVSS3: 9.8

github

больше 3 лет назад

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler

EPSS

Процентиль: 64%

0.00478

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-134