VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2022 · Updated Apr 15, 2025

CVE-2022-33195

Description

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the WL_DefaultKeyID in the function located at offset 0x1c7d28 of firmware 6.9Z, and even more specifically on the command execution occurring at offset 0x1c7fac.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OS command injection in Abode iota All-In-One Security Kit's WL_DefaultKeyID XCMD handler allows unauthenticated remote attackers to execute arbitrary commands.

Vulnerability

In the testWifiAP XCMD functionality of the Abode Systems, Inc. iota All-In-One Security Kit firmware versions 6.9X and 6.9Z, four OS command injection vulnerabilities exist. This specific instance resides in the unsafe use of the WL_DefaultKeyID parameter within the function located at offset 0x1c7d28 (with command execution at offset 0x1c7fac) of firmware 6.9Z. The vulnerability is classified as CWE-78 (OS Command Injection). [1]

Exploitation

An unauthenticated attacker can reach the vulnerable code path by sending a sequence of malicious XCMDs to the UDP service on port 55050, as described in TALOS-2022-1552. No prior authentication or user interaction is required. By supplying a specially crafted WL_DefaultKeyID parameter within the testWifiAP XCMD, the attacker can inject arbitrary OS commands that the device then executes. [1]

Impact

Successful exploitation allows the attacker to achieve arbitrary command execution on the iota device with full system privileges. This leads to complete compromise of confidentiality, integrity, and availability, as the attacker can read sensitive data, modify device configuration, or disrupt device operation. [1]

Mitigation

As of the publication date, no fixed version has been released by the vendor for this specific vulnerability. The vulnerable firmware versions (6.9X and 6.9Z) remain affected. Users should monitor vendor advisories for patches or consider isolating the device from untrusted networks. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [1]
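Added illustration, not Abode's firmware (the advisory locates the flaw only by offset): the CWE-78 pattern the Exploitation section describes, beside a hardened handler for the same XCMD parameter. It assumes, hypothetically, that WL_DefaultKeyID is a WEP default key index (0..3) and that the device applies it through a placeholder helper binary named /usr/sbin/wlconf.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical placeholder for whatever helper the firmware really runs. */
#define WLCONF_PATH "/usr/sbin/wlconf"

/* A WEP default key index can only be 0..3, so accept exactly one of the
 * four single-character values and nothing else. Separators, quotes,
 * whitespace and subshell syntax are rejected outright, not "escaped". */
bool wl_default_keyid_is_valid(const char *value)
{
    if (value == NULL || strlen(value) != 1)
        return false;
    return value[0] >= '0' && value[0] <= '3';
}

/* Vulnerable pattern (CWE-78): the untrusted XCMD value is spliced into a
 * shell command line destined for system()/popen(). Shown for contrast
 * only; this example never executes the resulting string. */
int build_shell_command_unsafe(char *out, size_t out_len, const char *keyid)
{
    return snprintf(out, out_len, WLCONF_PATH " set key_index %s", keyid);
}

/* Hardened pattern: validate first, then build an argv for an execv()-style
 * call. No shell parses the value, so it is always exactly one argument.
 * Returns 0 on success, -1 when the value is rejected (caller should log). */
int build_argv_safe(const char *keyid, const char *argv[], size_t argv_len)
{
    if (argv_len < 5 || !wl_default_keyid_is_valid(keyid))
        return -1;
    argv[0] = WLCONF_PATH;
    argv[1] = "set";
    argv[2] = "key_index";
    argv[3] = keyid;   /* one byte in '0'..'3', already checked */
    argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values: a legitimate index and a malformed one. */
    const char *samples[] = { "2", "2;echo hi" };
    for (size_t i = 0; i < 2; i++) {
        char line[128];
        const char *argv[5];
        build_shell_command_unsafe(line, sizeof line, samples[i]);
        printf("unsafe command line: %s\n", line);
        printf("hardened handler: %s\n",
               build_argv_safe(samples[i], argv, 5) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```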

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)