Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit
CVE-2022-35874

8.2 HIGH

Key Information:

Vendor

Abode

CVE Published: 25 October 2022

What is CVE-2022-35874?

The iota All-In-One Security Kit from Abode Systems contains format string injection vulnerabilities in its XCMD testWifiAP functionality, reachable through the ssid and ssid_hex configuration parameters. Attackers can exploit them by crafting malicious configuration values. The consequences include memory corruption, unauthorized information disclosure, and potential denial of service. Users are strongly advised to update their affected products to safeguard against these types of attacks.

Affected Version(s)

iota All-In-One Security Kit 6.9X

iota All-In-One Security Kit 6.9Z

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
