Описание
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.
Ссылки
- ExploitThird Party Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:mobvoi:tichome_mini_firmware:012-18853:*:*:*:*:*:*:*
cpe:2.3:o:mobvoi:tichome_mini_firmware:027-58389:*:*:*:*:*:*:*
cpe:2.3:h:mobvoi:tichome_mini:-:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01408
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
2 месяца назад
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.
EPSS
Процентиль: 81%
0.01408
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78