CVE-2018-7886

Name of the Vulnerable Software and Affected Versions: CloudMe version 1.11.0

Description: An issue in CloudMe allows an unauthenticated local attacker to send a malicious payload to the CloudMe Sync client application, causing a buffer overflow condition. This can result in code execution or a crash. The attacker must be able to connect to the application listening on 127.0.0.1 port 8888.

Recommendations: For CloudMe version 1.11.0, as a temporary workaround, consider restricting access to the CloudMe Sync client application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.