CVE-2018-6892

CRITICAL

CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888

Title source: llm

Exploitation Summary

EIP tracks 10 public exploits for CVE-2018-6892. PoCs have been published by Metasploit, hyp3rlinx and boku, including the Metasploit module exploits/windows/misc/cloudme_sync.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in CloudMe Sync v1.10.9 via a maliciously crafted TCP packet. It leverages SEH overwrites to achieve remote code execution on Windows 7 SP1 x86.

Description

An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.

Exploits (10)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/44175

This Metasploit module exploits a stack-based buffer overflow in CloudMe Sync v1.10.9 via a maliciously crafted TCP packet. It leverages SEH overwrites to achieve remote code execution on Windows 7 SP1 x86.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CloudMe Sync v1.10.9
No auth needed
Prerequisites: Network access to target on port 8888 · Target running CloudMe Sync v1.10.9
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by hyp3rlinx · python · remote · windows
https://www.exploit-db.com/exploits/44027

This exploit demonstrates an unauthenticated remote buffer overflow in CloudMe Sync <= v1.10.9 by sending a malicious payload to TCP port 8888, overwriting EIP and achieving arbitrary code execution via SEH overwrite.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: CloudMe Sync <= v1.10.9
No auth needed
Prerequisites: Network access to target's port 8888 · CloudMe Sync client running on target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by boku · python · local · windows
https://www.exploit-db.com/exploits/48840

This exploit leverages a buffer overflow in CloudMe 1.11.2 to bypass DEP and ASLR using ROP chains, ultimately executing arbitrary commands via msvcrt.system to add a new administrator user.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: CloudMe 1.11.2
No auth needed
Prerequisites: CloudMe.exe running as administrator · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Matteo Malvica · python · remote · windows_x86-64
https://www.exploit-db.com/exploits/46250

This exploit targets a buffer overflow vulnerability in CloudMe Sync v1.11.2, leveraging a ROP chain to bypass DEP and execute arbitrary shellcode. The payload is designed to trigger a reverse shell or execute calc.exe as a proof-of-concept.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: CloudMe Sync 1.11.2
No auth needed
Prerequisites: Network access to the target on port 8888 · CloudMe Sync v1.11.2 running on the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Raymond Wellnitz · ruby · remote · windows_x86-64
https://www.exploit-db.com/exploits/45197

This Metasploit module exploits a stack buffer overflow in CloudMe 1.8.x/1.9.x, bypassing DEP via ROP chain to achieve remote code execution. It targets Windows systems by sending a crafted payload to port 8888.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CloudMe 1.8.x/1.9.x
No auth needed
Prerequisites: Network access to target's port 8888 · CloudMe service running on target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by latortuga71 · poc
https://github.com/latortuga71/CVE-2018-6892-Golang

This is a Golang port of a buffer overflow exploit for CloudMe 1.11.2. It leverages a stack-based overflow to execute reverse shell shellcode, targeting a vulnerable TCP service on port 8888.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CloudMe 1.11.2
No auth needed
Prerequisites: Vulnerable CloudMe 1.11.2 instance accessible on TCP port 8888 · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by crypticq · poc
https://github.com/crypticq/CLOUDME_B0F

This is a functional exploit for CVE-2018-6892, a buffer overflow vulnerability in CloudMe Sync. It sends a crafted payload with shellcode to trigger remote code execution via a TCP connection to port 8888.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CloudMe Sync 1.11.0
No auth needed
Prerequisites: Network access to the target's port 8888 · Target running vulnerable CloudMe Sync version
devstral-2 · analyzed Apr 18, 2026

nomisec WORKING POC
by manojcode · poc
https://github.com/manojcode/CloudMe-Sync-1.10.9---Buffer-Overflow-SEH-DEP-Bypass

This is a functional exploit for CVE-2018-6892, targeting a buffer overflow vulnerability in CloudMe Sync <= 1.10.9. It bypasses DEP using ROP chains and executes a reverse shell payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: CloudMe Sync <= 1.10.9
No auth needed
Prerequisites: Network access to the target · CloudMe Sync service running on port 8888
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by manojcode · poc
https://github.com/manojcode/-Win10-x64-CloudMe-Sync-1.10.9-Buffer-Overflow-SEH-DEP-Bypass

This is a functional exploit for CVE-2018-6892, demonstrating a buffer overflow with SEH and DEP bypass in CloudMe Sync 1.10.9 on Windows 10 x64. It uses a ROP chain and shellcode to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: CloudMe Sync <= 1.10.9
No auth needed
Prerequisites: Network access to the target system · CloudMe Sync service running on port 8888
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by hyp3rlinx, Daniel Teixeira · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/cloudme_sync.rb

This Metasploit module exploits a stack-based buffer overflow in CloudMe Sync v1.10.9 via a crafted TCP payload. It leverages SEH overwrites and NOP sleds to achieve remote code execution on Windows 7 SP1 x86.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CloudMe Sync v1.10.9
No auth needed
Prerequisites: Network access to target on port 8888 · Target running CloudMe Sync v1.10.9
devstral-2 · analyzed Feb 19, 2026

References (10)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44175/
Exploit, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3669
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46250/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45197/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44027/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/48840

Scores

CVSS v3: 9.8
EPSS: 0.8967
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (1): cloudme/sync < 1.10.9
Published: Feb 11, 2018
Tracked Since: Feb 18, 2026