CVE-2023-26317

2023-08-0200:00:00

Xiaomi

www.cve.org

xiaomi

routers

vulnerability

remote code execution

command injection

external interface

isp

compromise

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Xiaomi Router Multi Devices",
    "versions": [
      {
        "version": "Xiaomi Router Firmware version before 2023.2",
        "status": "affected"
      }
    ]
  }
]

References

trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529