CVE-2020-8105

OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
BitdefenderCNA
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
goabodeiota_all-in-one_security_kit_firmware
𝑥
< 1.0.2.23_6.9v_dev_t2_homekit_rf_2.0.19_s2_kvsabode_oz
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-theabode-iota-security-system-fake-image-injectioninto-timeline
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-theabode-iota-security-system-fake-image-injectioninto-timeline