Double Free
CVE-2022-32574
Summary
A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
References
Advisory Timeline
- Published