exploitDog

GHSA-7rfw-27hp-w56j

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

Ссылки

EPSS

Процентиль: 93%

0.10765

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2018-14060

CVSS3: 9.8

nvd

больше 7 лет назад

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

EPSS

Процентиль: 93%

0.10765

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78