PT-2022-21383 · Abode Systems · Iota All-In-One Security Kit
Matt Wiseman · Published 2022-10-25 · Updated 2022-10-26
CVE-2022-32574
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z
Description
A double-free issue exists in the web interface /action/ipcamSetParamPost functionality. This can be triggered by a specially-crafted HTTP request, leading to memory corruption. An attacker can make an authenticated HTTP request to exploit this issue.
Recommendations
For versions 6.9X and 6.9Z, consider restricting access to the /action/ipcamSetParamPost functionality until a fix is available.
As a temporary workaround, avoid using the web interface functionality that triggers the double-free vulnerability until a patch is released.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Iota All-In-One Security Kit