Skip to content

Instantly share code, notes, and snippets.

View CVE-2018-11240.txt
CVE-2018-11240
[Description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
There are no restrictions on the 'exec command' feature of the
T-Router protocol. If the command syntax is correct, there is code
execution both on the other modem and on the main servers. This is
fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The vulnerability is hide in no limitations for executing the 'exec
View CVE-2018-11241.txt
CVE-2018-11241
[Suggested description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
A remote attacker can read and write to arbitrary files on the system
as root, as demonstrated by code execution after writing to a crontab file.
This is fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The T-Router protocol contains not only the functions of executing the
above-mentioned commands of the 'top' level, but also commands
View CVE-2018-10987.txt
CVE-2018-10987
[Suggested description]
An issue was discovered on Dongguan Diqee Diqee360 vacuum cleaner devices.
The affected vacuum cleaners suffers from an authenticated remote code
execution vulnerability. An authenticated attacker can send a
specially crafted UDP packet, and execute commands on the vacuum
cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153).
A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an
attacker controlling the %s variable. In some cases, authentication
View CVE-2018-10988.txt
CVE-2018-10988
[Suggested description]
An issue was discovered on Diqee360 devices (http://diqee.com).
A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card.
It executes code, without a digital signature, as root from the
/mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
------------------------------------------
[Additional Information]
@neolead
neolead / chk2.sh
Last active May 6, 2020
nordvpn account checker) v1.пошёл_в_жопу
View chk2.sh
#Nordvpn account check tool v1.2 Created by matrix
#
#Run like bash chk2.sh filename.txt filename.txt must be in login:password format
#Working proxy accounts will be stored into work.txt Multithreaded tool. default 190 threads, you can change inside.
if [[ $# -eq 0 ]] ; then
echo 'Nordvpn check tool v1.2'
echo 'Created by matrix'
echo 'Run like bash chk2.sh filename.txt'
echo 'filename.txt must be in login:password format'
You can’t perform that action at this time.