Xiaomi Router AX9000 Vulnerable to Post-Authorization Command Injection
CVE-2024-45348

6.4MEDIUM

Key Information:

Vendor: Xiaomi
Status: Xiaomi Router Ax9000
Vendor: CVE Published:; 23 September 2024

What is CVE-2024-45348?

The Xiaomi Router AX9000 is affected by a post-authorization command injection vulnerability. This flaw stems from the inadequate validation of user input, which allows attackers to exploit the vulnerability and execute arbitrary commands on the device. Such an exploit could lead to unauthorized actions, potentially compromising the integrity and security of the network. Users of the affected router are advised to review security measures and apply necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Xiaomi Router AX9000 1.0.173

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2024