3 matches found
Xiaomi Mi WiFi R3G Remote Code Execution (CVE-2019-18370)
A remote code execution vulnerability exists in Xiaomi Mi WiFi R3G. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2019-18370
The Xiaomi Mi WiFi R3G vulnerability (CVE-2019-18370) affects versions prior to 2.28.23-stable. The backup file (tar.gz) can be manipulated during upload, allowing control of contents in the decompressed directory via tar zxf. Additionally, the sh script used for testing speeds reads URLs from /t...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...