CVE-2018-10988

Name of the Vulnerable Software and Affected Versions Diqee360 devices (affected versions not specified)

Description An issue was discovered where the firmware update process on Diqee360 devices executes code without a digital signature as root. This code execution occurs from specific pathnames on the microSD card, including /mnt/sdcard/$PRO NAME/upgrade.sh and /sdcard/upgrage 360/upgrade.sh.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.