cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35887,https://securityvulnerability.io/vulnerability/CVE-2022-35887,Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit,"Multiple format string injection vulnerabilities exist in the web interface specifically within the /action/wirelessConnect functionality of the iota All-In-One Security Kit by Abode Systems. An attacker could exploit these vulnerabilities by sending a specially-crafted HTTP request that manipulates the `default_key_id` parameter, potentially leading to memory corruption, unauthorized information exposure, and service interruptions. The vulnerabilities highlight significant security risks that can be triggered by authenticated users.",Adobe,Iota All-in-one Security Kit,8.2,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-27805,https://securityvulnerability.io/vulnerability/CVE-2022-27805,Authentication Bypass in Abode Systems iota All-In-One Security Kit,"A vulnerability in the control functionality of Abode Systems' iota All-In-One Security Kit allows attackers to bypass authentication. This issue arises when a specially-crafted network request is made, enabling arbitrary XCMD execution. By sending a malicious XML payload, an attacker can exploit this vulnerability, compromising the security of affected devices.",Adobe,Iota All-in-one Security Kit,9.8,CRITICAL,0.0017000000225380063,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-29472,https://securityvulnerability.io/vulnerability/CVE-2022-29472,Command Injection Flaw in Abode Systems iota Security Kit,"An OS command injection vulnerability impacts the web interface's util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit. By crafting a malicious HTTP request, an attacker could execute arbitrary commands on the device, potentially compromising its security and functionality. Promptly securing devices against this type of threat is essential to maintain safe operation.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.0029800001066178083,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-29475,https://securityvulnerability.io/vulnerability/CVE-2022-29475,Information Disclosure Vulnerability in Abode Systems iota All-In-One Security Kit,"An information disclosure vulnerability has been identified in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z. This vulnerability allows attackers to exploit a specially-crafted man-in-the-middle attack, enabling them to potentially gain increased privileges and sensitive information from affected devices.",Adobe,Iota All-in-one Security Kit,4.7,MEDIUM,0.002300000051036477,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-29477,https://securityvulnerability.io/vulnerability/CVE-2022-29477,Authentication Bypass Vulnerability in Abode Systems iota All-In-One Security Kit,"An authentication bypass vulnerability exists in the web interface of the iota All-In-One Security Kit manufactured by Abode Systems, Inc. This vulnerability can be exploited through the /action/factory* functionality, where an attacker may craft a malicious HTTP header to bypass authentication measures. By sending a specifically tailored HTTP request, unauthorized access could be gained to the device's features.",Adobe,Iota All-in-one Security Kit,8.6,HIGH,0.00343000004068017,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-29520,https://securityvulnerability.io/vulnerability/CVE-2022-29520,OS Command Injection in Abode Systems iota All-In-One Security Kit,"An OS command injection vulnerability has been identified in the console_main_loop functionality of Abode Systems' iota All-In-One Security Kit 6.9Z. This flaw allows an attacker to execute arbitrary commands on the affected system by sending specially-crafted XML payloads. If successfully exploited, this vulnerability can compromise the security of the device, enabling unauthorized access and control. Users of this device are encouraged to follow best practices for security and keep their firmware updated.",Adobe,Iota All-in-one Security Kit,8.1,HIGH,0.002469999948516488,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-29889,https://securityvulnerability.io/vulnerability/CVE-2022-29889,Hard-Coded Password Vulnerability in Abode Systems iota All-In-One Security Kit,"A hard-coded password vulnerability exists in the telnet functionality of Abode Systems' iota All-In-One Security Kit 6.9Z. This vulnerability allows attackers to exploit the hard-coded root password, enabling unauthorized access and potential execution of arbitrary commands. As a result, the security integrity of the device is compromised, posing serious risks to user data and system operations.",Adobe,Iota All-in-one Security Kit,9.8,CRITICAL,0.004269999917596579,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-30541,https://securityvulnerability.io/vulnerability/CVE-2022-30541,OS Command Injection in Abode Systems iota All-In-One Security Kit,"An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems' iota All-In-One Security Kit versions 6.9X and 6.9Z. By sending a maliciously crafted XML payload, an attacker may exploit this vulnerability to execute arbitrary commands on the affected device, posing significant risks to the system's integrity and security.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.002469999948516488,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-30603,https://securityvulnerability.io/vulnerability/CVE-2022-30603,OS Command Injection Vulnerability in Abode Systems iota Security Kit,"An OS command injection vulnerability has been identified in the web interface of Abode Systems' iota All-In-One Security Kit, specifically in the /action/iperf functionality. This vulnerability allows attackers to execute arbitrary commands on the host system by sending specially-crafted HTTP requests. If an attacker successfully authenticates, they can exploit this flaw, leading to unauthorized command execution and potentially compromising the security of the device.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.001560000004246831,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-32454,https://securityvulnerability.io/vulnerability/CVE-2022-32454,Stack-Based Buffer Overflow in Abode iota All-In-One Security Kit,"A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of the iota All-In-One Security Kit from Abode Systems, Inc. Exploitation occurs when an attacker sends a specially-crafted XCMD command that includes a malicious XML payload. This vulnerability can allow remote code execution, posing significant security risks to the affected devices. Users are advised to update their systems promptly to mitigate the potential exploits associated with this vulnerability.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.0055599999614059925,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-32574,https://securityvulnerability.io/vulnerability/CVE-2022-32574,Double-Free Vulnerability in Abode Systems iota All-In-One Security Kit,"A double-free vulnerability in the web interface functionality of Abode Systems' iota All-In-One Security Kit can be exploited through a specially-crafted HTTP request, potentially leading to memory corruption. An attacker with the necessary authentication can trigger this vulnerability, putting the device at risk.",Adobe,Iota All-in-one Security Kit,7.5,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-32586,https://securityvulnerability.io/vulnerability/CVE-2022-32586,OS Command Injection Vulnerability in Abode iota All-In-One Security Kit,"An OS command injection vulnerability exists in the web interface functionality of Abode Systems, Inc. iota All-In-One Security Kit, affecting versions 6.9X and 6.9Z. This vulnerability allows attackers to exploit the /action/ipcamRecordPost endpoint through specially-crafted HTTP requests, enabling arbitrary command execution on the device. Such an exploit requires authenticated access, making it crucial for users to implement security measures to prevent unauthorized access and mitigate potential risks associated with this vulnerability.",Adobe,Iota All-in-one Security Kit,8,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-35884,https://securityvulnerability.io/vulnerability/CVE-2022-35884,Format String Injection in Abode Systems iota All-In-One Security Kit,"Abode Systems iota All-In-One Security Kit is susceptible to four format string injection vulnerabilities affecting the /action/wirelessConnect functionality. Attackers can exploit these vulnerabilities by sending specially-crafted HTTP requests, potentially resulting in memory corruption, unauthorized information disclosure, and denial of service. The vulnerabilities arise from improper handling of the 'ssid_hex' HTTP parameter within the wireless connection handler, allowing authenticated users to trigger these critical weaknesses.",Adobe,Iota All-in-one Security Kit,8.2,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-35885,https://securityvulnerability.io/vulnerability/CVE-2022-35885,Format String Injection Vulnerabilities in Abode Systems iota Security Kit,"Four format string injection vulnerabilities present in the web interface of Abode Systems, Inc. iota All-In-One Security Kit can be exploited via specially-crafted HTTP requests. This can lead to severe consequences including memory corruption, information disclosure, and denial of service. The vulnerabilities stem from improper handling of the `wpapsk_hex` HTTP parameter within the `/action/wirelessConnect` functionality, which could allow an authenticated attacker to initiate these exploits.",Adobe,Iota All-in-one Security Kit,8.2,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-35886,https://securityvulnerability.io/vulnerability/CVE-2022-35886,Format String Injection Vulnerabilities in Abode Systems Security Kit,"Abode Systems, Inc. has identified multiple format string injection vulnerabilities within the web interface functionality of its iota All-In-One Security Kit, specifically in the '/action/wirelessConnect' endpoint. By sending specially-crafted HTTP requests utilizing the 'default_key_id' and 'key' parameters, an attacker can trigger memory corruption issues, leading to potential information disclosure and denial of service incidents. These vulnerabilities require the attacker to authenticate prior to exploitation, underscoring the importance of securing the web interface to prevent unauthorized access.",Adobe,Iota All-in-one Security Kit,8.2,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-27804,https://securityvulnerability.io/vulnerability/CVE-2022-27804,OS Command Injection Vulnerability in Abode Systems' Iota All-In-One Security Kit,"An OS command injection vulnerability has been identified in the web interface's util_set_abode_code functionality of Abode Systems, Inc.'s iota All-In-One Security Kit. This flaw allows attackers to execute arbitrary commands by sending a specially-crafted HTTP request, which can compromise the security of the device. It is crucial for users to be aware of this vulnerability and implement necessary patches to mitigate potential risks.",Adobe,Iota All-in-one Security Kit,8,HIGH,0.0029800001066178083,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-32773,https://securityvulnerability.io/vulnerability/CVE-2022-32773,OS Command Injection in Abode Systems iota All-In-One Security Kit,"An OS command injection vulnerability is present in the XCMD doDebug functionality of the iota All-In-One Security Kit by Abode Systems, Inc. This vulnerability allows an attacker to execute arbitrary commands on the system by sending a specially-crafted XML payload. Exploitation of this vulnerability could lead to severe security risks, as it enables unauthorized command execution by an attacker.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.002469999948516488,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-32775,https://securityvulnerability.io/vulnerability/CVE-2022-32775,Integer Overflow Vulnerability in Abode Systems iota All-In-One Security Kit,"An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of the iota All-In-One Security Kit by Abode Systems, Inc. This flaw can be exploited by sending specially-crafted HTTP requests, which may lead to memory corruption. Successful exploitation requires an authenticated user to trigger the vulnerability, potentially allowing attackers to compromise the integrity of the device.",Adobe,Iota All-in-one Security Kit,9,CRITICAL,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33193,https://securityvulnerability.io/vulnerability/CVE-2022-33193,OS Command Injection Vulnerabilities in Abode Systems iota Security Kit,"The iota All-In-One Security Kit from Abode Systems, Inc. is affected by multiple OS command injection vulnerabilities specifically in the XCMD testWifiAP functionality. These vulnerabilities allow attackers to execute arbitrary commands by sending carefully crafted sequences of commands that exploit the insecure handling of the `WL_WPAPSK` configuration value in the firmware. The affected firmware versions include 6.9X and 6.9Z, where the vulnerabilities stem from unsafe function implementations that could potentially compromise device security.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.003109999932348728,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33194,https://securityvulnerability.io/vulnerability/CVE-2022-33194,OS Command Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit,"Abode Systems' iota All-In-One Security Kit has been found to contain multiple vulnerabilities related to OS command injection in the XCMD testWifiAP functionality. Specifically, these vulnerabilities arise from unsafe handling of the WL_Key and WL_DefaultKeyID configuration values. An attacker can exploit this by sending a series of malicious commands, which can lead to arbitrary command execution. This concerns firmware versions 6.9X and 6.9Z, with exposed functions present at specific memory offsets, making it critical for users to ensure their devices are updated to mitigate any potential risks.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.002469999948516488,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33195,https://securityvulnerability.io/vulnerability/CVE-2022-33195,OS Command Injection Vulnerability in Abode Systems iota All-In-One Security Kit,"Multiple OS command injection vulnerabilities have been identified in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit. These vulnerabilities allow an attacker to send specially crafted sequences of commands, which can lead to arbitrary command execution within the affected firmware versions 6.9X and 6.9Z. The exploitation of this vulnerability is rooted in the improper handling of the 'WL_DefaultKeyID', particularly during the command execution located at offset 0x1c7fac of the firmware.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.002469999948516488,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33204,https://securityvulnerability.io/vulnerability/CVE-2022-33204,OS Command Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit,"Abode Systems iota All-In-One Security Kit contains multiple OS command injection vulnerabilities through the /action/wirelessConnect functionality. These vulnerabilities can be exploited by an authenticated attacker using specially-crafted HTTP requests, which manipulate the unsafe handling of the `ssid_hex` HTTP parameter. Successful exploitation may allow the execution of arbitrary commands on the affected device firmware, specifically impacting the binary located at offset `0x19afc0` in firmware versions 6.9Z and 6.9X.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.001560000004246831,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33205,https://securityvulnerability.io/vulnerability/CVE-2022-33205,OS Command Injection in iota All-In-One Security Kit by Abode Systems,"The iota All-In-One Security Kit manufactured by Abode Systems is susceptible to multiple OS command injection vulnerabilities found in its web interface, specifically the /action/wirelessConnect functionality. By sending specially crafted HTTP requests, an authenticated attacker can execute arbitrary commands on the underlying operating system. This vulnerability arises from the unsafe handling of the ‘wpapsk_hex’ HTTP parameter, allowing for potential exploitation and undermining the security of affected firmware versions 6.9X and 6.9Z. Users are advised to apply recommended patches promptly to mitigate risks.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.0027099999133497477,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33206,https://securityvulnerability.io/vulnerability/CVE-2022-33206,"OS Command Injection Vulnerability in Abode Security Kit by Abode Systems, Inc.","The iota All-In-One Security Kit by Abode Systems, Inc. has multiple OS command injection vulnerabilities found in its web interface's /action/wirelessConnect functionality. An attacker with authenticated access can exploit these vulnerabilities by sending a specially-crafted HTTP request. The issue arises from the improper handling of the `key` and `default_key_id` parameters which allows for the construction of malicious OS command execution paths. This is facilitated by a targeted manipulation of the `/root/hpgw` binary included in firmware versions 6.9X and 6.9Z.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.001560000004246831,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0
CVE-2022-33207,https://securityvulnerability.io/vulnerability/CVE-2022-33207,OS Command Injection Vulnerabilities in Abode Systems iota Security Kit,"The iota All-In-One Security Kit from Abode Systems, Inc. contains vulnerabilities within its web interface, specifically in the /action/wirelessConnect functionality. Attackers can exploit these weaknesses by sending specially-crafted HTTP requests that facilitate arbitrary command execution. This exploit leverages unsafe usage of the default_key_id HTTP parameter, allowing attackers to manipulate the system and execute commands at the binary offset of 0x19B234 in the firmware version 6.9Z.",Adobe,Iota All-in-one Security Kit,10,CRITICAL,0.001560000004246831,false,,false,false,false,,,false,false,,2022-10-25T17:15:00.000Z,0