VYPR
Unrated severityNVD Advisory· Published Aug 2, 2023· Updated Oct 16, 2024

Xiaomi router external request interface has command injection

CVE-2023-26317

Description

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xiaomi/Xiaomi routersllm-create2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: Xiaomi Router Firmware version before 2023.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.