How severe is CVE-2022-35881?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2022-35881?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2022-35881 - HIGH Severity | CVSS 7.1

Vulnerability Description

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler.

Related Vulnerabilities

CVE-2020-27524

HIGH

CVSS:7.1(High)

On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory cont...

CWE-1342020

CVE-2022-35878

HIGH

CVSS:7.1(High)

CWE-1342022

CVE-2022-35879

HIGH

CVSS:7.1(High)

CWE-1342022

CVE-2022-35880

HIGH

CVSS:7.1(High)

CWE-1342022

CVE-2022-24051

HIGH

CVSS:7.0(High)

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication i...

CWE-1342022

CVE-2018-12590

HIGH

CVSS:7.2(High)

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privileg...

CWE-1342018