CVE-2022-33938
Severity CVSS v4.0:
Pending analysis
Type:
CWE-134
Format String Vulnerability
Publication date:
25/10/2022
Last modified:
26/10/2022
Description
A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:* | ||
cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:* | ||
cpe:2.3:h:goabode:iota_all-in-one_security_kit:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page