2 matches found
CVE-2018-13023
The connected CNVD entry confirms a concrete vulnerability in Xiaomi Mi Router 3, affecting version 2.22.15, via the wifi_access endpoint. The root cause is a system command injection exploitable through the timeout URL parameter, enabling an attacker to execute arbitrary commands. CVSS info from...
CVE-2018-13023
System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...