mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.1 KiB
1.1 KiB
CVE-2022-33195
&color=brighgreen)
Description
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the WL_DefaultKeyID in the function located at offset 0x1c7d28 of firmware 6.9Z, and even more specifically on the command execution occuring at offset 0x1c7fac.
POC
Reference
Github
No PoCs found on GitHub currently.