How severe is CVE-2022-35886?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-35886?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2022-35886 - HIGH Severity | CVSS 8.2

Vulnerability Description

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler.

Related Vulnerabilities

CVE-2020-36323

HIGH

CVSS:8.2(High)

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes af...

CWE-1342020

CVE-2022-33938

HIGH

CVSS:8.2(High)

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to...

CWE-1342022

CVE-2022-35874

HIGH

CVSS:8.2(High)

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can le...

CWE-1342022

CVE-2022-35875

HIGH

CVSS:8.2(High)

CWE-1342022

CVE-2022-35876

HIGH

CVSS:8.2(High)

CWE-1342022

CVE-2022-35877

HIGH

CVSS:8.2(High)

CWE-1342022