CVE Published: 25/10/2022 |
CVE Updated: 16/09/2024 |
CVE Year: 2022 Source: talos |
Vendor: abode systems, inc. |
Product: iota All-In-One Security Kit Status : PUBLISHED
CVE-2022-30541 Description
An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability.
CWE-ID: CWE-78 CWE Name: CWE-78: Improper Neutralization of Special Elements used in an OS Command (
OS Command Injection
) Source: abode systems, inc.
Common Attack Pattern Enumeration and Classification (CAPEC)