Описание
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:diqee:diqee360_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:diqee:diqee360:-:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00022
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
EPSS
Процентиль: 5%
0.00022
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-347