Key Vulnerability Information from the Screenshot:

Title: Cisco Talos Vulnerability Report on Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect OS command injection vulnerabilities

CVEs: CVE-2022-33205, CVE-2022-33204, CVE-2022-33206, CVE-2022-33207

Summary: Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Affected Versions: iota All-In-One Security Kit versions 6.9X and 6.9Z

Product URL: iota All-In-One Security Kit

CVSS Score: 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Details:
- The iota All-In-One Security Kit is a home security gateway with various functionalities. The vulnerabilities are due to insufficient validation and sanitization of user-supplied data in the web interface /action/wirelessConnect. This could lead to OS command injection.
- If the wireless functionality is enabled and certain conditions are met, a remote attacker can exploit these vulnerabilities to execute arbitrary commands on the affected devices.

Timeline:
- 2022-07-14: Vendor Disclosure
- 2022-09-26: Vendor Patch Release
- 2022-10-20: Public Release

Credits: Discovered by Matt Wiseman of Cisco Talos.