Unrated severityNVD Advisory· Published Oct 23, 2019· Updated Aug 5, 2024
CVE-2019-18371
CVE-2019-18371
Description
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Xiaomi/Mi WiFi R3Gdescription
- Range: <2.28.23-stable
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.