CVE-2018-10987

Name of the Vulnerable Software and Affected Versions Dongguan Diqee Diqee360 devices (affected versions not specified)

Description The issue is an authenticated remote code execution problem. An attacker can send a specially crafted UDP packet to execute commands as root. The vulnerability is in the REQUEST SET WIFIPASSWD function, which is a UDP command 153. By sending a crafted UDP packet, an attacker can run the /mnt/skyeye/mode switch.sh script with control over the %s variable. In some cases, authentication can be achieved using the default password 888888 for the admin account.

Recommendations As a temporary workaround, consider disabling the REQUEST SET WIFIPASSWD function until a patch is available. Restrict access to the UDP command 153 to minimize the risk of exploitation. Change the default password 888888 for the admin account to a stronger password to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.