CVE-2022-29520 HIGH

CVE-2022-29520

Vendor Abode Systems, Inc.
Product iota All-In-One Security Kit
Weakness CWE-489
Published October 25, 2022
Last update April 15, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.

Key dates

02Disclosure timeline

October 25, 2022 CVE published
April 15, 2025 Record updated