Strix
26.1K

CVE-2018-10987

UnknownEPSS 2.96%

Last modified

CVE-2018-10987 is a vulnerability of currently unknown severity. An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. EPSS estimates a 2.96% chance of exploitation in the next 30 days.

Description

An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.

Metrics

EPSS Probability
2.96%

85.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DiqeeDiqee360 FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-10987?
An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.
How severe is CVE-2018-10987?
Severity scoring for CVE-2018-10987 is pending analysis. The EPSS model estimates a 2.96% probability of exploitation in the next 30 days.
How do I fix CVE-2018-10987?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-10987?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST