Description
Xiaomi router firmware updated in 2020 contains an unauthenticated API that can reveal the Wi-Fi password. The vulnerability is caused by a lack of access control policies on some API interfaces. Attackers can exploit it to enter the backend and perform command injection there.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 2020 (inclusive) up to 2023.2 (exclusive)
cpe:2.3:o:mi:xiaomi_router_firmware:*:*:*:*:*:*:*:*
EPSS
Percentile: 59%
0.00381
Low
7.5 High
CVSS3
Weaknesses
CWE-306
Related vulnerabilities
CVSS3: 7.5
github
almost 3 years ago
Xiaomi router firmware updated in 2020 contains an unauthenticated API that can reveal the Wi-Fi password. The vulnerability is caused by a lack of access control policies on some API interfaces. Attackers can exploit it to enter the backend and perform command injection there.