CRITICAL✓ PATCH🇬🇧 English

CVE-2020-14115

CVSS 9.8v3.1pub. 2022-03-10upd. 2024-11-21

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mi Ax3600

    HW
    Mi
    wszystkie wersje
  • Mi Ax3600 Firmware

    OS
    Mi
    < 1.0.67
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2020-14119CRITICAL9.8ten sam produkt

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution und...

CVE-2020-14124CRITICAL9.8ten sam produkt

There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiao...

CVE-2020-14111HIGH7.8ten sam produkt

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of...

CVE-2020-14110HIGH7.8ten sam produkt

AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive...

CVE-2020-14109HIGH7.2ten sam produkt

There is command injection in the meshd program in the routing system, resulting in command execution under ad...