Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Abode Iota 操作系统命令注入漏洞
Vulnerability Description
Abode Iota是Abode公司的一个可靠的 Diy 家庭安全系统。 Abode Iota All-In-One Security Kit 6.9X版本和6.9Z版本存在操作系统命令注入漏洞。攻击者利用该漏洞通过特制的HTTP请求执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A