Lucene search

[email protected]CVE-2023-26317

HistoryAug 02, 2023 - 2:15 p.m.

CVE-2023-26317

2023-08-0214:15:10

CWE-77

[email protected]

web.nvd.nist.gov

xiaomi

routers

vulnerability

remote code execution

command injection

nvd

cve-2023-26317

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.

Affected configurations

NVD

Node

mixiaomi_router_firmwareRange<2023.2

CPENameOperatorVersion
mi:xiaomi_router_firmwaremi xiaomi router firmwarelt2023.2

CPE	Name	Operator	Version
mi:xiaomi_router_firmware	mi xiaomi router firmware	lt	2023.2

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Xiaomi Router Multi Devices",
    "versions": [
      {
        "version": "Xiaomi Router Firmware version before 2023.2",
        "status": "affected"
      }
    ]
  }
]

References

trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

Related for CVE-2023-26317

prion1 nvd1 cvelist1