Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.7 views

CVE-2020-14115

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

10CVSS7.6AI score0.01107EPSS
Exploits0
CNVD
CNVD
added 2022/03/14 12:0 a.m.115 views

Xiaomi Router AX3600 Command Injection Vulnerability

Xiaomi router AX3600 is a router from Xiaomi, China.A command injection vulnerability exists in Xiaomi Router AX3600 prior to 1.1.15, which stems from a lack of inspection of incoming data and can be exploited by attackers to execute code...

7.8CVSS6.2AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2022/03/10 5:41 p.m.5 views

CVE-2020-14115

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

9.8CVSS5.9AI score0.01107EPSS
Exploits0References1
OSV
OSV
added 2022/03/10 5:41 p.m.2 views

CVE-2020-14111

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

7.8CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2022/03/10 5:41 p.m.17 views

Command injection

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

10CVSS9.6AI score0.01107EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/10 5:41 p.m.18 views

Command injection

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

7.2CVSS7.9AI score0.00319EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/07 3:24 p.m.21 views

CVE-2020-14111

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

7.9AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2022/03/07 3:24 p.m.65 views

CVE-2020-14111

The Xiaomi Router AX3600 is affected by a command injection vulnerability caused by insufficient input validation. Exploitation could allow an attacker to execute arbitrary code on the device. Affected versions include prior to 1.1.15; remediation is to update to 1.1.15 or later as indicated by C...

7.8CVSS7.8AI score0.00319EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/09/16 1:15 p.m.16 views

CVE-2020-14124

There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom 1.1.12...

9.8CVSS0.01952EPSS
Exploits0References1
NVD
NVD
added 2021/09/16 1:15 p.m.19 views

CVE-2020-14119

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom 1.1.12...

10CVSS0.02959EPSS
Exploits0References1
Prion
Prion
added 2021/09/16 1:15 p.m.12 views

Buffer overflow

There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom 1.1.12...

7.5CVSS9.8AI score0.01952EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/09/16 1:15 p.m.17 views

Command injection

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom 1.1.12...

10CVSS9.7AI score0.02959EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/09/16 12:15 p.m.12 views

Command injection

There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version = 1.1.12...

9CVSS7.3AI score0.02165EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/09/16 12:8 p.m.41 views

CVE-2020-14124

CVE-2020-14124 describes a buffer overflow in librsa.so invoked by the getwifipwdurl/getWifiPwdUrl interface on the Xiaomi AX3600 router, leading to remote code execution. Affected condition is ROM version

9.8CVSS9.9AI score0.01952EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/16 12:3 p.m.23 views

CVE-2020-14119

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom 1.1.12...

9.8AI score0.02959EPSS
Exploits0References1
CVE
CVE
added 2021/09/16 12:3 p.m.40 views

CVE-2020-14119

CVE-2020-14119 concerns a command‑injection vulnerability in Xiaomi AX3600 routers. The flaw is in the xqnetwork.lua “addMeshNode” interface, caused by insufficient parameter validation, allowing an attacker to execute commands with administrator privileges. Affected device: AX3600 with ROM versi...

10CVSS9.7AI score0.02959EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/08 5:44 p.m.43 views

CVE-2020-14104

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...

8.1AI score0.00665EPSS
Exploits0References1
CVE
CVE
added 2021/04/08 5:44 p.m.70 views

CVE-2020-14104

CVE-2020-14104 concerns a race condition in the XQBACKUP component of the Xiaomi router AX3600 running ROM 1.0.50, causing a decompression path error. The issue is documented across multiple sources as affecting the AX3600 with ROM 1.0.50, and it originates from a race condition in XQBACKUP. The ...

8.1CVSS8AI score0.00665EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder