14 matches found
Malicious code in nectarine-r3g-project (npm)
The package nectarine-r3g-project was found to contain malicious code...
MAL-2025-27243 Malicious code in nectarine-r3g-project (npm)
The package nectarine-r3g-project was found to contain malicious code...
CVE-2019-18371
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
Xiaomi Mi WiFi R3G Remote Code Execution (CVE-2019-18370)
A remote code execution vulnerability exists in Xiaomi Mi WiFi R3G. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2019-18371
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
CVE-2019-18371
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
Directory traversal
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
Command injection
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2019-18371
CVE-2019-18371 affects Xiaomi Mi WiFi R3G devices pre-2.28.23-stable. Root cause is a directory traversal via a misconfigured NGINX alias (api-third-party/download/extdisks../etc/config/account) that lets an attacker read arbitrary files and bypass authentication. Affected: Xiaomi Mi WiFi R3G rou...
CVE-2019-18371
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2019-18370
The Xiaomi Mi WiFi R3G vulnerability (CVE-2019-18370) affects versions prior to 2.28.23-stable. The backup file (tar.gz) can be manipulated during upload, allowing control of contents in the decompressed directory via tar zxf. Additionally, the sh script used for testing speeds reads URLs from /t...