Sign-up

ID

VAR-201807-1009


CVE

CVE-2018-10987


TITLE

Diqee Diqee360 Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-007684

DESCRIPTION

An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. Diqee Diqee360 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Diqee Diqee360 is an intelligent sweeping robot equipment produced by China Diqee Company

Trust: 1.71

sources: NVD: CVE-2018-10987 // JVNDB: JVNDB-2018-007684 // VULHUB: VHN-120801

AFFECTED PRODUCTS

vendor:diqeemodel:diqee360scope:eqversion: -

Trust: 1.6

vendor:diqeemodel:360scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-007684 // CNNVD: CNNVD-201807-322 // NVD: CVE-2018-10987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10987
value: HIGH

Trust: 1.0

NVD: CVE-2018-10987
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-322
value: HIGH

Trust: 0.6

VULHUB: VHN-120801
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-10987
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-120801
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10987
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-120801 // JVNDB: JVNDB-2018-007684 // CNNVD: CNNVD-201807-322 // NVD: CVE-2018-10987

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-120801 // JVNDB: JVNDB-2018-007684 // NVD: CVE-2018-10987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-322

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-322

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007684

PATCH
title:Top Pageurl:http://en.diqee.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-007684

EXTERNAL IDS
db:NVDid:CVE-2018-10987
Trust: 2.5
db:JVNDBid:JVNDB-2018-007684
Trust: 0.8
db:CNNVDid:CNNVD-201807-322
Trust: 0.7
db:VULHUBid:VHN-120801
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120801 // 
            
            
            
            JVNDB: JVNDB-2018-007684 // 
            
            
            
            CNNVD: CNNVD-201807-322 // 
            
            
            
            NVD: CVE-2018-10987

REFERENCES
url:https://gist.github.com/neolead/10b27c5c04bca84a5515783ca6f2ecb4#file-cve-2018-10987-txt
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10987
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10987
Trust: 0.8
sources:
            
            
            VULHUB: VHN-120801 // 
            
            
            
            JVNDB: JVNDB-2018-007684 // 
            
            
            
            CNNVD: CNNVD-201807-322 // 
            
            
            
            NVD: CVE-2018-10987

SOURCES
db:VULHUBid:VHN-120801
db:JVNDBid:JVNDB-2018-007684
db:CNNVDid:CNNVD-201807-322
db:NVDid:CVE-2018-10987

LAST UPDATE DATE
2024-11-23T21:52:58.369000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-120801date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-007684date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-322date:2019-10-23T00:00:00
db:NVDid:CVE-2018-10987date:2024-11-21T03:42:26.587

SOURCES RELEASE DATE
db:VULHUBid:VHN-120801date:2018-07-05T00:00:00
db:JVNDBid:JVNDB-2018-007684date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-322date:2018-07-06T00:00:00
db:NVDid:CVE-2018-10987date:2018-07-05T20:29:00.323