8 matches found
CVE-2020-14102
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...
CVE-2023-26317
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...
CVE-2023-26317
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...
PT-2023-20608 · Xiaomi · Xiaomi Router
Name of the Vulnerable Software and Affected Versions: Xiaomi routers affected versions not specified Description: The issue is caused by inadequate filtering of responses from external interfaces, leading to command injection. Attackers can exploit this by hijacking the ISP or upper-layer routin...
CVE-2020-14102
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...
Design/Logic Flaw
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...
CVE-2020-14102
The CVE-2020-14102 entry describes a command injection in the router’s Dynamic DNS (ddns) hostname processing, enabling attempted privilege escalation to root for the administrator user. Affected devices include Xiaomi AX1800rom software versions prior to 1.0.336 and Xiaomi RM1800 root prior to 1...
Remote Arbitrary Command Execution Vulnerability in Guest wi-fi Settings Function of Multiple Xiaomi Routers
Xiaomi Router R3D/R3P/R3C/R3 are router products. A remote arbitrary command execution vulnerability exists in the guest wi-fi settings feature of multiple Xiaomi routers. An attacker can exploit this vulnerability to remotely execute arbitrary code...