How severe is CVE-2018-10987?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-10987?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2018-10987 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.

Related Vulnerabilities

CVE-2016-0634

HIGH

CVSS:7.5(High)

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

CWE-782016

CVE-2016-2876

HIGH

CVSS:7.5(High)

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access ...

CWE-782016

CVE-2016-6631

HIGH

CVSS:7.5(High)

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user...

CWE-782016

CVE-2017-7414

HIGH

CVSS:7.5(High)

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabl...

CWE-782017

CVE-2018-1238

HIGH

CVSS:7.5(High)

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses sh...

CWE-782018

CVE-2018-16089

HIGH

CVSS:7.5(High)

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as ...

CWE-782018