Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday84 views

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...

7.5CVSS7AI score0.55872EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.12 views

CVE-2019-18371

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...

7.5CVSS6.9AI score0.55872EPSS
Exploits2References1
Circl
Circl
added 2024/01/27 9:11 a.m.172 views

CVE-2019-18371

creationtimestamp| type| source ---|---|--- 2024-01-27 09:11:40+00:00| seen| https://t.me/ctinow/174700 2024-03-10 00:23:58+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/10119 2025-02-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-2...

7.5CVSS7AI score0.55872EPSS
In wildExploits2References5
CVE
CVE
added 2019/10/23 8:2 p.m.125 views

CVE-2019-18371

CVE-2019-18371 affects Xiaomi Mi WiFi R3G devices pre-2.28.23-stable. Root cause is a directory traversal via a misconfigured NGINX alias (api-third-party/download/extdisks../etc/config/account) that lets an attacker read arbitrary files and bypass authentication. Affected: Xiaomi Mi WiFi R3G rou...

7.5CVSS7.6AI score0.55872EPSS
In wildExploits2References1Affected Software1
Rows per page
Query Builder