https://vulnerability.circl.lu/sightings/feed 2026-05-04T13:01:22.959128+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/1782e90d-9e54-404c-9e4d-5bd58a399f31/export 2026-05-04T13:01:23.398862+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "1782e90d-9e54-404c-9e4d-5bd58a399f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35886", "type": "seen", "source": "https://t.me/cibsecurity/52023", "content": "\u203c CVE-2022-35886 \u203c\n\nFour format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:26:52.000000Z"} 2022-10-25T20:26:52+00:00