CVE-2018-10987
CVE-2018-10987 is a remote code execution flaw in the Dongguan Diqee 360 vacuum cleaners. The vulnerability resides in the UDP command 153, REQUEST_SET_WIFIPASSWD, where a crafted UDP packet can cause the device to execute a command as root ("/mnt/skyeye/mode_switch.sh %s"). An attacker must auth...