Published: 05/07/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An issue exists on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
diqee diqee360_firmware -

Doctor, doctor, I feel like my IoT-enabled vacuum cleaner is spying on me

The Register • John Leyden • 20 Jul 2018

Snooping on the built-in cam? Remotely controlling it? Well, that sucks *ba-dum tsh* Smart? Don't ThinQ so! Hacked robo-vacuum could spy on your home

Vulnerabilities in a range of robot vacuum cleaners allow miscreants to access the gadgets' camera, and remote-control the gizmos. Security researchers at Positive Technologies (PT) this week disclosed that Dongguan Diqee 360 smart vacuum cleaners contain security flaws that hackers can exploit to snoop on people through the night-vision camera and mic, and take control of the Roomba rip-off. Think of it as a handy little spy-on-wheels. The security issues, discovered by PT's Leonid Krolle and G...

CVE-2018-10988

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect