R3600
by Xiaomi
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14100 | 0.00 | — | 0.05 | Sep 11, 2020 | In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | |||
| CVE-2020-11961 | 0.00 | — | 0.01 | Jun 24, 2020 | Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication | |||
| CVE-2020-11960 | 0.00 | — | 0.01 | Jun 24, 2020 | Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS | |||
| CVE-2020-11959 | 0.00 | — | 0.01 | Jun 24, 2020 | An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. | |||
| CVE-2020-14094 | 0.00 | — | 0.02 | Jun 24, 2020 | In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. | |||
| CVE-2020-14095 | 0.00 | — | 0.02 | Jun 24, 2020 | In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. |
- CVE-2020-14100Sep 11, 2020risk 0.00cvss —epss 0.05
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
- CVE-2020-11961Jun 24, 2020risk 0.00cvss —epss 0.01
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
- CVE-2020-11960Jun 24, 2020risk 0.00cvss —epss 0.01
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS
- CVE-2020-11959Jun 24, 2020risk 0.00cvss —epss 0.01
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
- CVE-2020-14094Jun 24, 2020risk 0.00cvss —epss 0.02
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
- CVE-2020-14095Jun 24, 2020risk 0.00cvss —epss 0.02
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.