Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2022-35875

Description

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler

POC

Reference

- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581

Github

No PoCs found on GitHub currently.