When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.
References
Link | Resource |
---|---|
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506 | Vendor Advisory |
Configurations
History
06 Apr 2023, 17:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 | |
First Time |
Mi
Mi xiaomi Router Firmware |
|
CPE | cpe:2.3:o:mi:xiaomi_router_firmware:*:*:*:*:*:*:*:* | |
References | (MISC) https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
29 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-29 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2020-14140
Mitre link : CVE-2020-14140
CVE.ORG link : CVE-2020-14140
JSON object : View
Products Affected
mi
- xiaomi_router_firmware
CWE
CWE-306
Missing Authentication for Critical Function