CVE-2022-35884

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 8.8

EPSS Низкий

Описание

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the ssid_hex HTTP parameter, as used within the /action/wirelessConnect handler.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585
Exploit
Technical Description
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0165

Низкий

8.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-134

Связанные уязвимости

GHSA-62mf-g244-32xg

CVSS3: 8.8

github

больше 3 лет назад

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler.

EPSS

Процентиль: 82%

0.0165

Низкий

8.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-134