neolead

## chk2.sh
#Nordvpn account check tool v1.2 Created by matrix
#
#Run like bash chk2.sh filename.txt filename.txt must be in login:password format
#Working proxy accounts will be stored into work.txt Multithreaded tool. default 190 threads, you can change inside.

if [[ $# -eq 0 ]] ; then
    echo 'Nordvpn check tool v1.2'
    echo 'Created by matrix'
    echo 'Run like bash chk2.sh filename.txt'
    echo 'filename.txt must be in login:password format'

## gist:894a55638118832284fd397564027c9a
Just a pawn test of hackerone.com/neolead

## CVE-2018-10988.txt
CVE-2018-10988

[Suggested description]
An issue was discovered on Diqee360 devices (http://diqee.com).
A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card.
It executes code, without a digital signature, as root from the
/mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
------------------------------------------

[Additional Information]

## CVE-2018-10987.txt
CVE-2018-10987

[Suggested description]
An issue was discovered on Dongguan Diqee Diqee360 vacuum cleaner devices.
The affected vacuum cleaners suffers from an authenticated remote code
execution vulnerability. An authenticated attacker can send a
specially crafted UDP packet, and execute commands on the vacuum
cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153).
A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an
attacker controlling the %s variable. In some cases, authentication

## CVE-2018-11241.txt
CVE-2018-11241
[Suggested description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
A remote attacker can read and write to arbitrary files on the system
as root, as demonstrated by code execution after writing to a crontab file.
This is fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The T-Router protocol contains not only the functions of executing the
above-mentioned commands of the 'top' level, but also commands

## CVE-2018-11240.txt
CVE-2018-11240
[Description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
There are no restrictions on the 'exec command' feature of the
T-Router protocol. If the command syntax is correct, there is code
execution both on the other modem and on the main servers. This is
fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The vulnerability is hide in no limitations for executing the 'exec
	#Nordvpn account check tool v1.2 Created by matrix
	#
	#Run like bash chk2.sh filename.txt filename.txt must be in login:password format
	#Working proxy accounts will be stored into work.txt Multithreaded tool. default 190 threads, you can change inside.

	if [[ $# -eq 0 ]] ; then
	echo 'Nordvpn check tool v1.2'
	echo 'Created by matrix'
	echo 'Run like bash chk2.sh filename.txt'
	echo 'filename.txt must be in login:password format'
	CVE-2018-10988

	[Suggested description]
	An issue was discovered on Diqee360 devices (http://diqee.com).
	A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card.
	It executes code, without a digital signature, as root from the
	/mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
	------------------------------------------

	[Additional Information]
	CVE-2018-10987

	[Suggested description]
	An issue was discovered on Dongguan Diqee Diqee360 vacuum cleaner devices.
	The affected vacuum cleaners suffers from an authenticated remote code
	execution vulnerability. An authenticated attacker can send a
	specially crafted UDP packet, and execute commands on the vacuum
	cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153).
	A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an
	attacker controlling the %s variable. In some cases, authentication
	CVE-2018-11241
	[Suggested description]
	An issue was discovered on SoftCase T-Router build 20112017 devices.
	A remote attacker can read and write to arbitrary files on the system
	as root, as demonstrated by code execution after writing to a crontab file.
	This is fixed in production builds as of Spring 2018.
	------------------------------------------
	[Additional Information]
	The T-Router protocol contains not only the functions of executing the
	above-mentioned commands of the 'top' level, but also commands
	CVE-2018-11240
	[Description]
	An issue was discovered on SoftCase T-Router build 20112017 devices.
	There are no restrictions on the 'exec command' feature of the
	T-Router protocol. If the command syntax is correct, there is code
	execution both on the other modem and on the main servers. This is
	fixed in production builds as of Spring 2018.
	------------------------------------------
	[Additional Information]
	The vulnerability is hide in no limitations for executing the 'exec