Xiaomi Router administration interface vulnerability leads command injection and stack overflow
CVE-2023-26319

7.2HIGH

Key Information:

Vendor: Xiaomi
Status: Xiaomi Router
Vendor: CVE Published:; 11 October 2023

Summary

A command injection vulnerability has been identified in Xiaomi Router, allowing attackers to execute arbitrary commands on the device. This weakness stems from improper neutralization of special elements within command inputs, which could be exploited to manipulate device behavior and gain unauthorized access. It is crucial for users to apply relevant security measures and updates to safeguard their networks against potential exploitation.

Affected Version(s)

Xiaomi Router 0

References

https://trust.mi.com/misrc/bulletins/advisory?cveId=536

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2023
Vulnerability Reserved
Feb 22, 2023