18 matches found
CVE-2020-14115
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...
Xiaomi Router AX3600 Command Injection Vulnerability
Xiaomi router AX3600 is a router from Xiaomi, China.A command injection vulnerability exists in Xiaomi Router AX3600 prior to 1.1.15, which stems from a lack of inspection of incoming data and can be exploited by attackers to execute code...
CVE-2020-14115
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...
CVE-2020-14111
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...
Command injection
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...
Command injection
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...
CVE-2020-14111
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...
CVE-2020-14111
The Xiaomi Router AX3600 is affected by a command injection vulnerability caused by insufficient input validation. Exploitation could allow an attacker to execute arbitrary code on the device. Affected versions include prior to 1.1.15; remediation is to update to 1.1.15 or later as indicated by C...
CVE-2020-14124
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom 1.1.12...
CVE-2020-14119
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom 1.1.12...
Buffer overflow
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom 1.1.12...
Command injection
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom 1.1.12...
Command injection
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version = 1.1.12...
CVE-2020-14124
CVE-2020-14124 describes a buffer overflow in librsa.so invoked by the getwifipwdurl/getWifiPwdUrl interface on the Xiaomi AX3600 router, leading to remote code execution. Affected condition is ROM version
CVE-2020-14119
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom 1.1.12...
CVE-2020-14119
CVE-2020-14119 concerns a command‑injection vulnerability in Xiaomi AX3600 routers. The flaw is in the xqnetwork.lua “addMeshNode” interface, caused by insufficient parameter validation, allowing an attacker to execute commands with administrator privileges. Affected device: AX3600 with ROM versi...
CVE-2020-14104
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...
CVE-2020-14104
CVE-2020-14104 concerns a race condition in the XQBACKUP component of the Xiaomi router AX3600 running ROM 1.0.50, causing a decompression path error. The issue is documented across multiple sources as affecting the AX3600 with ROM 1.0.50, and it originates from a race condition in XQBACKUP. The ...