An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Diqee360_firmware | Diqee | - (including) | - (including) |