CVE-2022-33938

HIGH Year: 2022
CVSS v3 Score
8.2
High
Weakness Type
CWE-134
View all →

Vulnerability Description

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.

Related Vulnerabilities

CVE-2020-36323

HIGH
CVSS:8.2(High)

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes af...

CWE-1342020

CVE-2022-35874

HIGH
CVSS:8.2(High)

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can le...

CWE-1342022

CVE-2022-35875

HIGH
CVSS:8.2(High)

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can le...

CWE-1342022

CVE-2022-35876

HIGH
CVSS:8.2(High)

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can le...

CWE-1342022

CVE-2022-35877

HIGH
CVSS:8.2(High)

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can le...

CWE-1342022

CVE-2022-35884

HIGH
CVSS:8.2(High)

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTT...

CWE-1342022