PT-2022-21387 · Abode Systems · Iota All-In-One Security Kit
Matt Wiseman · Published 2022-10-25 · Updated 2022-10-26 · CVE-2022-32586
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z
Description
A command injection issue exists in the web interface /action/ipcamRecordPost functionality. This allows an attacker to execute arbitrary commands via a specially-crafted HTTP request. The vulnerability can be triggered by making an authenticated HTTP request.
Recommendations
For versions 6.9X and 6.9Z, consider restricting access to the /action/ipcamRecordPost functionality until a fix is available.
Avoid using the vulnerable /action/ipcamRecordPost functionality in the web interface until the issue is resolved.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Iota All-In-One Security Kit