Lucene search

XiaomiCVE-2023-26320

HistoryOct 11, 2023 - 7:15 a.m.

CVE-2023-26320

2023-10-1107:15:10

CWE-77

Xiaomi

web.nvd.nist.gov

cve

command injection

xiaomi router

vulnerability

nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

31.9%

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Affected configurations

Nvd

Node

mixiaomi_router_ax3200_firmwareRange<2023.2

AND

mixiaomi_router_ax3200Match-

VendorProductVersionCPE
mixiaomi_router_ax3200_firmware*cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*
mixiaomi_router_ax3200-cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mi	xiaomi_router_ax3200_firmware	*	cpe:2.3:o:mi:xiaomi_router_ax3200_firmware::::::::
mi	xiaomi_router_ax3200	-	cpe:2.3:h:mi:xiaomi_router_ax3200:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Xiaomi Router",
    "vendor": "Xiaomi",
    "versions": [
      {
        "lessThan": "fw version before 2023.2",
        "status": "affected",
        "version": "0",
        "versionType": "2023.2"
      }
    ]
  }
]

References

trust.mi.com/misrc/bulletins/advisory?cveId=540

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

31.9%

JSON

Related for CVE-2023-26320