George Zaytsev

**Name of the Vulnerable Software and Affected Versions** SoftCase T-Router build 20112017 **Description** An issue was discovered where there are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, this allows code execution both on the other modem and on the main servers. **Recommendations** For SoftCase T-Router build 20112017, update to a production build from Spring 2018 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'exec command' feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SoftCase T-Router build 20112017 **Description** A remote attacker can read and write to arbitrary files on the system as root. This can be achieved by writing to a crontab file, which can lead to code execution. The issue is fixed in production builds as of Spring 2018. **Recommendations** For SoftCase T-Router build 20112017, update to a production build released after Spring 2018 to resolve the issue. As a temporary workaround, consider restricting access to the crontab file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dongguan Diqee Diqee360 devices (affected versions not specified) **Description** The issue is an authenticated remote code execution problem. An attacker can send a specially crafted UDP packet to execute commands as root. The vulnerability is in the `REQUEST SET WIFIPASSWD` function, which is a UDP command 153. By sending a crafted UDP packet, an attacker can run the `/mnt/skyeye/mode switch.sh` script with control over the `%s` variable. In some cases, authentication can be achieved using the default password `888888` for the admin account. **Recommendations** As a temporary workaround, consider disabling the `REQUEST SET WIFIPASSWD` function until a patch is available. Restrict access to the UDP command 153 to minimize the risk of exploitation. Change the default password `888888` for the admin account to a stronger password to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Diqee360 devices (affected versions not specified) **Description** An issue was discovered where the firmware update process on Diqee360 devices executes code without a digital signature as root. This code execution occurs from specific pathnames on the microSD card, including `/mnt/sdcard/$PRO NAME/upgrade.sh` and `/sdcard/upgrage 360/upgrade.sh`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.