CVE-2022-35881 - Vulnerability Details - OpenCVE

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Goabode	Iota All-in-one Security Kit Firmware

Configuration 1 [-]

OR	cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:::::::*
	cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:::::::*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583

History

Tue, 15 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2022-10-25T16:34:20.328Z

Updated: 2025-04-15T18:42:12.665Z

Reserved: 2022-07-15T00:00:00.000Z

Link: CVE-2022-35881

Vulnrichment

Updated: 2024-08-03T09:44:22.163Z

NVD

Status : Modified

Published: 2022-10-25T17:15:54.903

Modified: 2024-11-21T07:11:52.317

Link: CVE-2022-35881

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-35881", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "datePublished": "2022-10-25T16:34:20.328Z", "dateUpdated": "2025-04-15T18:42:12.665Z", "dateReserved": "2022-07-15T00:00:00.000Z"}, "containers": {"cna": {"datePublic": "2022-10-20T00:00:00.000Z", "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2022-10-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler."}], "affected": [{"vendor": "abode systems, inc.", "product": "iota All-In-One Security Kit", "versions": [{"version": "6.9X", "status": "affected"}, {"version": "6.9Z", "status": "affected"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-134: Use of Externally-Controlled Format String", "cweId": "CWE-134"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:44:22.163Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T18:16:36.689362Z", "id": "CVE-2022-35881", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:42:12.665Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:44:22.163Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-35881", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T18:16:36.689362Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:16:38.092Z"}}], "cna": {"metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "abode systems, inc.", "product": "iota All-In-One Security Kit", "versions": [{"status": "affected", "version": "6.9X"}, {"status": "affected", "version": "6.9Z"}]}], "datePublic": "2022-10-20T00:00:00.000Z", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"}], "descriptions": [{"lang": "en", "value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134: Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2022-10-25T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-35881", "state": "PUBLISHED", "dateUpdated": "2025-04-15T18:42:12.665Z", "dateReserved": "2022-07-15T00:00:00.000Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2022-10-25T16:34:20.328Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*", "matchCriteriaId": "9341C371-6AC1-428C-809E-7856975E8FC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*", "matchCriteriaId": "EA9202A4-4D07-4293-93EE-73183AEEE5E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler."}, {"lang": "es", "value": "Se presentan cuatro vulnerabilidades de inyecci\u00f3n de cadenas de formato en la funcionalidad UPnP logging de Abode Systems, Inc. iota All-In-One Security Kit versiones 6.9Z y 6.9X. Una negociaci\u00f3n UPnP especialmente dise\u00f1ada puede conllevar a una corrupci\u00f3n de memoria, divulgaci\u00f3n de informaci\u00f3n y denegaci\u00f3n de servicio. Esta vulnerabilidad surge de una inyecci\u00f3n de cadenas de formato por medio de las etiquetas XML \"errorCode\" y \"errorDescription\", usadas en el manejador de acci\u00f3n \"DoUpdateUPnPbyService\""}], "id": "CVE-2022-35881", "lastModified": "2024-11-21T07:11:52.317", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-25T17:15:54.903", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1583"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}