Xiaomi Router external request interface vulnerability leads to stack overflow
CVE-2023-26320

8.1HIGH

Key Information:

Vendor
Xiaomi
Status
Xiaomi Router
Vendor
CVE Published:
11 October 2023

Summary

A command injection vulnerability exists in Xiaomi Router that allows attackers to execute arbitrary commands on the device through improper neutralization of special elements. This flaw could enable unauthorized access and manipulation of the router, posing serious risks to network security and integrity. Users of the affected router models should take immediate action to apply security patches and enhance their network defenses.

Affected Version(s)

Xiaomi Router 0

References

https://trust.mi.com/misrc/bulletins/advisory?cveId=540

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-26320 : Xiaomi Router external request interface vulnerability leads to stack overflow | SecurityVulnerability.io