neolead
View CVE-2018-11240.txt
CVE-2018-11240
[Description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
There are no restrictions on the 'exec command' feature of the
T-Router protocol. If the command syntax is correct, there is code
execution both on the other modem and on the main servers. This is
fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The vulnerability is hidden in the absence of limitations on executing the 'exec
View CVE-2018-11241.txt
CVE-2018-11241
[Suggested description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
A remote attacker can read and write to arbitrary files on the system
as root, as demonstrated by code execution after writing to a crontab file.
This is fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The T-Router protocol contains not only the functions of executing the
above-mentioned commands of the 'top' level, but also commands
View CVE-2018-10987.txt
CVE-2018-10987
[Suggested description]
An issue was discovered on Dongguan Diqee Diqee360 vacuum cleaner devices.
The affected vacuum cleaners suffer from an authenticated remote code
execution vulnerability. An authenticated attacker can send a
specially crafted UDP packet, and execute commands on the vacuum
cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153).
A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an
attacker controlling the %s variable. In some cases, authentication
View CVE-2018-10988.txt
CVE-2018-10988
[Suggested description]
An issue was discovered on Diqee360 devices (http://diqee.com).
A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card.
It executes code, without a digital signature, as root from the
/mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
------------------------------------------
[Additional Information]