CVE-2022-29477

Name of the Vulnerable Software and Affected Versions Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z

Description An authentication bypass issue exists in the web interface, specifically in the /action/factory* functionality. This can be triggered by a specially-crafted HTTP header, allowing an attacker to bypass authentication by sending a crafted HTTP request.

Recommendations For versions 6.9X and 6.9Z, as a temporary workaround, consider restricting access to the /action/factory* API endpoint until a patch is available. Avoid using specially-crafted HTTP headers in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.