Unrated severityNVD Advisory· Published Jul 15, 2018· Updated Aug 5, 2024

CVE-2018-14010

Description

OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Xiaomi/R3Pllm-create
Range: <2.14.5
Xiaomi/R3Cllm-create
Range: <2.12.15
Xiaomi/R3llm-create
Range: <2.22.15
Xiaomi/R3Dllm-fuzzy
Range: <2.26.4

Patches

Vulnerability mechanics

References

www.cnvd.org.cn/flaw/show/CNVD-2018-04521mitrex_refsource_MISC
github.com/cc-crack/router/blob/master/CNVD-2018-04521.pymitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000