Xiaomi Router external request interface vulnerability leads to stack overflow
CVE-2023-26320

8.1HIGH

Key Information:

Vendor: Xiaomi
Status: Xiaomi Router
Vendor: CVE Published:; 11 October 2023

What is CVE-2023-26320?

A command injection vulnerability exists in Xiaomi Router that allows attackers to execute arbitrary commands on the device through improper neutralization of special elements. This flaw could enable unauthorized access and manipulation of the router, posing serious risks to network security and integrity. Users of the affected router models should take immediate action to apply security patches and enhance their network defenses.

Affected Version(s)

Xiaomi Router 0

References

https://trust.mi.com/misrc/bulletins/advisory?cveId=540

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2023
Vulnerability Reserved
Feb 22, 2023