OS Command Injection Vulnerability in Abode Systems' Iota All-In-One Security Kit
CVE-2022-27804

8HIGH

Key Information:

Vendor: Adobe
Status: Iota All-in-one Security Kit
Vendor: CVE Published:; 25 October 2022

Summary

An OS command injection vulnerability has been identified in the web interface's util_set_abode_code functionality of Abode Systems, Inc.'s iota All-In-One Security Kit. This flaw allows attackers to execute arbitrary commands by sending a specially-crafted HTTP request, which can compromise the security of the device. It is crucial for users to be aware of this vulnerability and implement necessary patches to mitigate potential risks.

Affected Version(s)

iota All-In-One Security Kit 6.9X

iota All-In-One Security Kit 6.9Z

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Jun 13, 2022