← Back

Diqee

diqee

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Diqee360 Firmware
diqee360_firmware
2 CVEs
Diqee360
diqee360
0 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-10988
1Diqee
1Diqee360 Firmware
Nov 21, 2024
Jul 5, 2018
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital sign...Show more
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.Show less
CVE-2018-10987
1Diqee
1Diqee360 Firmware
Nov 21, 2024
Jul 5, 2018
N/A· v4
7.5 HIGH· v3
8.5 HIGH· v2
An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet...Show more
An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.Show less