Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14115 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. | |||||
| CVE-2020-14111 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. | |||||
| CVE-2020-14109 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | |||||
| CVE-2020-14124 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | |||||
| CVE-2020-14110 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | |||||
| CVE-2020-14119 | 1 Mi | 1 Ax3600 | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | |||||
| CVE-2020-14104 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | |||||