Xiaomi router external request interface has command injection
CVE-2023-26317

7HIGH

Key Information:

Vendor: Xiaomi
Status: Xiaomi Router
Vendor: CVE Published:; 2 August 2023

What is CVE-2023-26317?

Xiaomi routers have a security flaw due to inadequate filtering of responses from their external interfaces. This command injection vulnerability enables attackers to manipulate router commands, potentially gaining unauthorized access by hijacking the Internet Service Provider (ISP) or utilizing upper-layer routing mechanisms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Xiaomi router Xiaomi Router Firmware version before 2023.2 <= 2023.2

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2023
Vulnerability Reserved
Feb 22, 2023

JSON

Xiaomi