neolead

CVE-2018-10988

[Suggested description]
An issue was discovered on Diqee360 devices (http://diqee.com).
A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card.
It executes code, without a digital signature, as root from the 
/mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
------------------------------------------

[Additional Information]

neolead

CVE-2018-10987

[Suggested description]
An issue was discovered on Dongguan Diqee Diqee360 vacuum cleaner devices.
The affected vacuum cleaners suffers from an authenticated remote code 
execution vulnerability. An authenticated attacker can send a 
specially crafted UDP packet, and execute commands on the vacuum 
cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153).
A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an 
attacker controlling the %s variable. In some cases, authentication 

neolead

CVE-2018-11241
[Suggested description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
A remote attacker can read and write to arbitrary files on the system 
as root, as demonstrated by code execution after writing to a crontab file.
This is fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The T-Router protocol contains not only the functions of executing the 
above-mentioned commands of the 'top' level, but also commands 

neolead

CVE-2018-11240
[Description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
There are no restrictions on the 'exec command' feature of the 
T-Router protocol. If the command syntax is correct, there is code 
execution both on the other modem and on the main servers. This is 
fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The vulnerability is hide in no limitations for executing the 'exec