CVE-2022-32760
Description
A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in Abode iota All-In-One Security Kit 6.9X and 6.9Z allows unauthenticated attackers to crash the device via a crafted XML XCMD payload.
Vulnerability
The doDebug XCMD functionality in Abode Systems iota All-In-One Security Kit versions 6.9X and 6.9Z contains leftover debug code (CWE-489). This XCMD can be triggered by a specially-crafted XML payload sent over UDP/55050, leading to denial of service [1]. No authentication is required.
Exploitation
An unauthenticated attacker with network access can send a malicious XML XCMD payload to the UDP/55050 service on the target device. The payload must include the ` root node with and elements, specifying the doDebug` command [1]. This triggers the vulnerable debug functionality.
Impact
Successful exploitation causes a denial of service, affecting device availability. No confidentiality or integrity impact is expected [1]. The CVSSv3 score is 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Mitigation
As of the publication date, no fix has been announced by the vendor. Users should monitor for firmware updates from Abode Systems. The affected versions are 6.9X and 6.9Z; later versions may contain a patch [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
26.9X, 6.9Z+ 1 more
- (no CPE)range: 6.9X, 6.9Z
- (no CPE)range: 6.9X
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.