Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.6 views

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

9CVSS7.4AI score0.01883EPSS
Exploits0
OSV
OSV
added 2023/08/02 2:15 p.m.5 views

CVE-2023-26317

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...

9.8CVSS5.8AI score0.00948EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/08/02 2:15 p.m.4 views

CVE-2023-26317

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...

9.8CVSS5.9AI score0.00948EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/02 12:0 a.m.5 views

PT-2023-20608 · Xiaomi · Xiaomi Router

Name of the Vulnerable Software and Affected Versions: Xiaomi routers affected versions not specified Description: The issue is caused by inadequate filtering of responses from external interfaces, leading to command injection. Attackers can exploit this by hijacking the ISP or upper-layer routin...

9.8CVSS8.3AI score0.00948EPSS
Exploits0References4
NVD
NVD
added 2021/01/13 11:15 p.m.25 views

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

9CVSS7.2AI score0.01883EPSS
Exploits0References1
Prion
Prion
added 2021/01/13 11:15 p.m.19 views

Design/Logic Flaw

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

5CVSS7.5AI score0.01223EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/01/13 10:33 p.m.41 views

CVE-2020-14102

The CVE-2020-14102 entry describes a command injection in the router’s Dynamic DNS (ddns) hostname processing, enabling attempted privilege escalation to root for the administrator user. Affected devices include Xiaomi AX1800rom software versions prior to 1.0.336 and Xiaomi RM1800 root prior to 1...

9CVSS7.2AI score0.01883EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/02/12 12:0 a.m.1 views

Remote Arbitrary Command Execution Vulnerability in Guest wi-fi Settings Function of Multiple Xiaomi Routers

Xiaomi Router R3D/R3P/R3C/R3 are router products. A remote arbitrary command execution vulnerability exists in the guest wi-fi settings feature of multiple Xiaomi routers. An attacker can exploit this vulnerability to remotely execute arbitrary code...

7.8AI score
Exploits0
Rows per page
Query Builder