An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGoabode Iota All In One Security Kit
HWGoabodewszystkie wersjeGoabode Iota All In One Security Kit Firmware
OSGoabode6.9z
Related vulnerabilities
An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Sys...
An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota A...
An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode S...
An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode S...
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One ...