PT-2022-21329 · Abode Systems · Iota All-In-One Security Kit

Matt Wiseman · Published 2022-10-25 · Updated 2022-10-26 · CVE-2022-32454

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z

Description: A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality. This can be triggered by a specially-crafted XCMD, leading to remote code execution. An attacker can exploit this issue by sending a malicious XML payload.

Recommendations: For versions 6.9X and 6.9Z, consider disabling the XCMD setIPCam functionality until a patch is available to prevent remote code execution. Restrict access to the setIPCam functionality to minimize the risk of exploitation. Avoid using the XCMD setIPCam functionality with untrusted input until the issue is resolved.

Exploit

Fix

Stack Overflow


Weakness Enumeration

Related Identifiers

CVE-2022-32454

Affected Products

Iota All-In-One Security Kit