CVE-2023-26317

Опубликовано: 02 авг. 2023

Источник: nvd

CVSS3: 7

CVSS3: 9.8

EPSS Низкий

Описание

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.

Ссылки

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529
Vendor Advisory
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:mi:xiaomi_router_firmware:*:*:*:*:*:*:*:*

Версия до 2023.2 (исключая)

EPSS

Процентиль: 65%

0.00485

Низкий

7 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-77

Связанные уязвимости

GHSA-x3cm-94m2-6vw4

CVSS3: 9.8

github

больше 2 лет назад

A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.

EPSS

Процентиль: 65%

0.00485

Низкий

7 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-77