CVE-2020-8105

Summary

OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz.

Affected Software

VendorProductVersion RangeStatus
Abodeiota All-In-One Security Kitunspecified < 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE ozaffected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

Workarounds

An update to firmware version 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz fixes the issue.

ADP Enrichment

CVE Program Container

Additional References

References