CVE-2022-35875 Information

Oct 26, 2022 cve

Description

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the wpapsk configuration parameter as used within the testWifiAP XCMD handler

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581

Share on: