Four format string injection vulnerabilities exist in the...
Critical severity
Unreviewed
Published
Oct 25, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Oct 25, 2022
Published to the GitHub Advisory Database
Oct 25, 2022
Last updated
Jan 30, 2023
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the
wpapsk
configuration parameter, as used within thetestWifiAP
XCMD handlerReferences