Critical severity9.8NVD Advisory· Published Oct 25, 2022· Updated Jun 17, 2026
CVE-2022-35875
CVE-2022-35875
Description
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the wpapsk configuration parameter, as used within the testWifiAP XCMD handler
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26.9X and 6.9Z+ 1 more
- (no CPE)range: 6.9X and 6.9Z
- (no CPE)range: 6.9X
Patches
Vulnerability mechanics
References
1- talosintelligence.com/vulnerability_reports/TALOS-2022-1581nvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.