Xiaomi routers
by Xiaomi
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45348 | | | 0.00 | — | 0.01 | | Sep 23, 2024 | Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. |
| CVE-2023-26320 | | | 0.00 | — | 0.01 | | Oct 11, 2023 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. |
| CVE-2023-26319 | | | 0.00 | — | 0.01 | | Oct 11, 2023 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. |
| CVE-2023-26318 | | | 0.00 | — | 0.01 | | Oct 11, 2023 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. |
| CVE-2023-26317 | | | 0.00 | — | 0.01 | | Aug 2, 2023 | Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing. |
| CVE-2020-14094 | | | 0.00 | — | 0.02 | | Jun 24, 2020 | In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. |
| CVE-2020-14095 | | | 0.00 | — | 0.02 | | Jun 24, 2020 | In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. |