An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Iota_all-in-one_security_kit_firmware | Goabode | 6.9z (including) | 6.9z (including) |