Four format string injection vulnerabilities exist in the...
High severity
Unreviewed
Published
Oct 25, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Oct 25, 2022
Published to the GitHub Advisory Database
Oct 25, 2022
Last updated
Jan 30, 2023
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via
errorCode
anderrorDescription
XML tags, as used within theDoUpdateUPnPbyService
action handler.References