The following advisory describes one (1) vulnerability found in CloudMe.
CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.”
The vulnerability found is a buffer overflow vulnerability, which when exploited can be used to cause the product to execute arbitrary code.
Credit
A security researcher from, hyp3rlinx, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Vendor response
The vendor has released CloudMe version 1.11.0 which addresses this vulnerability.
CVE: CVE-2018-6892
Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow