High severity8.8NVD Advisory· Published Oct 25, 2022· Updated Jun 17, 2026
CVE-2022-35884
CVE-2022-35884
Description
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the ssid_hex HTTP parameter, as used within the /action/wirelessConnect handler.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26.9Z, 6.9X+ 1 more
- (no CPE)range: 6.9Z, 6.9X
- (no CPE)range: 6.9X
Patches
Vulnerability mechanics
References
1- talosintelligence.com/vulnerability_reports/TALOS-2022-1585nvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.