{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T03:31:40.608","vulnerabilities":[{"cve":{"id":"CVE-2022-33204","sourceIdentifier":"talos-cna@cisco.com","published":"2022-10-25T17:15:53.147","lastModified":"2024-11-21T07:07:42.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z."},{"lang":"es","value":"Se presentan cuatro vulnerabilidades de inyección de comandos del Sistema Operativo en la funcionalidad de la interfaz web /action/wirelessConnect de Abode Systems, Inc. iota All-In-One Security Kit versiones 6.9X y 6.9Z. Una petición HTTP especialmente diseñada puede conllevar a una ejecución de un comando arbitrario. Un atacante puede realizar una petición HTTP autenticada para activar estas vulnerabilidades. Esta vulnerabilidad es centrada en el uso no seguro del parámetro HTTP \"ssid_hex\" para construir un comando del Sistema Operativo en el offset \"0x19afc0\" del binario \"/root/hpgw\" incluido en el firmware 6.9Z"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*","matchCriteriaId":"9341C371-6AC1-428C-809E-7856975E8FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*","matchCriteriaId":"EA9202A4-4D07-4293-93EE-73183AEEE5E0"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1568","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1568","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}