EUVD-2020-6261

Malware in sbrugna...

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

Weak Password Vulnerability in RM1800-35(V3) of Mapletree Technology Co.

RM1800-35V3 is a router product from Mapletree Technology Co. The RM1800-35V3 from MyPlanet Technologies Co., Ltd. suffers from a weak password vulnerability that can be exploited by attackers to obtain sensitive information...

CVE-2020-14099

On Xiaomi router AX1800 rom version 1.0.336 and RM1800 root version 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password...

CVE-2020-14099

The CVE-2020-14099 entry describes a vulnerability in Xiaomi router AX1800 ROMs older than 1.0.336 and RM1800 root versions older than 1.0.26, where the backup file encryption uses hard-coded keys. This could expose sensitive information such as user passwords. The issue is tied to the encryption...

Xiaomi router AX1800 信任管理问题漏洞

Xiaomi router AX1800 is a router from China-based Xiaomi. A security vulnerability exists in Xiaomi router AX1800 rom version prior to 1.0.336 and RM1800 root version prior to 1.0.26, which stems from the encryption scheme of the user's backup file using a hard-coded key...

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14101

The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

Design/Logic Flaw

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

Command injection

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14101

The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14101

CVE-2020-14101 affects Xiaomi router software: the data collection SDK in the web management interface causes leakage of the authentication token in affected builds—AX1800ROM < 1.0.336 and RM1800 Root

Xiaomi AX1800 Security Vulnerability

The Xiaomi AX1800 is a router from the Chinese company Xiaomi Xiaomi. A security vulnerability exists in the Xiaomi router that stems from an issue where the time is not synchronized after a router reboot, which can bypass login authentication. The following products and versions are affected:...