AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMi Ax3600
HWMiwszystkie wersjeMi Ax3600 Firmware
OSMi< 1.0.67
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2020-14115CRITICAL9.8ten sam produkt
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of...
CVE-2020-14119CRITICAL9.8ten sam produkt
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution und...
CVE-2020-14124CRITICAL9.8ten sam produkt
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiao...
CVE-2020-14111HIGH7.8ten sam produkt
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of...
CVE-2020-14109HIGH7.2ten sam produkt
There is command injection in the meshd program in the routing system, resulting in command execution under ad...