VYPR

R3600

by Xiaomi

CVEs (6)

  • CVE-2020-14100Sep 11, 2020
    risk 0.00cvss epss 0.05

    In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.

  • CVE-2020-11961Jun 24, 2020
    risk 0.00cvss epss 0.01

    Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication

  • CVE-2020-11960Jun 24, 2020
    risk 0.00cvss epss 0.01

    Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS

  • CVE-2020-11959Jun 24, 2020
    risk 0.00cvss epss 0.01

    An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.

  • CVE-2020-14094Jun 24, 2020
    risk 0.00cvss epss 0.02

    In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.

  • CVE-2020-14095Jun 24, 2020
    risk 0.00cvss epss 0.02

    In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.