4 matches found
Xiaomi Mi WiFi R3G Routers - Local file Inclusion
Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...
CVE-2019-18371
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
CVE-2019-18371
creationtimestamp| type| source ---|---|--- 2024-01-27 09:11:40+00:00| seen| https://t.me/ctinow/174700 2024-03-10 00:23:58+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/10119 2025-02-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-2...
CVE-2019-18371
CVE-2019-18371 affects Xiaomi Mi WiFi R3G devices pre-2.28.23-stable. Root cause is a directory traversal via a misconfigured NGINX alias (api-third-party/download/extdisks../etc/config/account) that lets an attacker read arbitrary files and bypass authentication. Affected: Xiaomi Mi WiFi R3G rou...