Lucene search

XiaomiCVE-2023-26319

HistoryOct 11, 2023 - 7:15 a.m.

CVE-2023-26319

2023-10-1107:15:10

CWE-77

Xiaomi

web.nvd.nist.gov

cve

2023

26319

command injection

xiaomi router

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Affected configurations

Nvd

Node

mixiaomi_router_ax3200_firmwareRange<2023.2

AND

mixiaomi_router_ax3200Match-

VendorProductVersionCPE
mixiaomi_router_ax3200_firmware*cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*
mixiaomi_router_ax3200-cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mi	xiaomi_router_ax3200_firmware	*	cpe:2.3:o:mi:xiaomi_router_ax3200_firmware::::::::
mi	xiaomi_router_ax3200	-	cpe:2.3:h:mi:xiaomi_router_ax3200:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Xiaomi Router",
    "vendor": "Xiaomi",
    "versions": [
      {
        "lessThan": "fw version before 2023.2",
        "status": "affected",
        "version": "0",
        "versionType": "2023.2"
      }
    ]
  }
]

References

trust.mi.com/misrc/bulletins/advisory?cveId=536

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for CVE-2023-26319