Vulnerabilities > Goabode > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-29475 Authentication Bypass by Capture-replay vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc.
network
high complexity
goabode CWE-294
8.1
8.1
2022-10-25 CVE-2022-30603 OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc.
network
low complexity
goabode CWE-78
8.8
8.8
2022-10-25 CVE-2022-32586 OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc.
network
low complexity
goabode CWE-78
8.8
8.8
2022-10-25 CVE-2022-32760 Leftover Debug Code vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc.
network
low complexity
goabode CWE-489
7.5
7.5
2022-10-25 CVE-2022-32775 Integer Overflow or Wraparound vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc.
network
low complexity
goabode CWE-190
8.8
8.8
2022-10-25 CVE-2022-35878 Use of Externally-Controlled Format String vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc.
low complexity
goabode CWE-134
8.8
8.8
2022-10-25 CVE-2022-35879 Use of Externally-Controlled Format String vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc.
low complexity
goabode CWE-134
8.8
8.8
2022-10-25 CVE-2022-35880 Use of Externally-Controlled Format String vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc.
low complexity
goabode CWE-134
8.8
8.8
2022-10-25 CVE-2022-35881 Use of Externally-Controlled Format String vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc.
low complexity
goabode CWE-134
8.8
8.8
2022-10-25 CVE-2022-35884 Use of Externally-Controlled Format String vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc.
network
low complexity
goabode CWE-134
8.8
8.8