CVE-2018-6892

Name of the Vulnerable Software and Affected Versions CloudMe versions prior to 1.11.0

Description An issue was discovered that allows an unauthenticated remote attacker to send a malicious payload to the CloudMe Sync client application, causing a buffer overflow condition. This results in the attacker controlling the program's execution flow, allowing arbitrary code execution. The attacker must be able to connect to the client application listening on port 8888.

Recommendations For versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to port 8888 to minimize the risk of exploitation.