Ultramangaia

**Name of the Vulnerable Software and Affected Versions** Xiaomi Mi WiFi R3G versions prior to 2.28.23-stable **Description** An issue was discovered where the backup file in tar.gz format can be manipulated to control the contents of the decompressed directory. Additionally, a command injection vulnerability exists in the application's sh script for testing upload and download speeds, which reads a URL list from /tmp/speedtest urls.xml. This vulnerability can be demonstrated through the "api/xqnetdetect/netspeed" endpoint. **Recommendations** For versions prior to 2.28.23-stable, update to version 2.28.23-stable or later to resolve the issue. As a temporary workaround, consider restricting access to the "api/xqnetdetect/netspeed" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xiaomi Mi WiFi R3G versions prior to 2.28.23-stable **Description** A directory traversal issue allows attackers to read arbitrary files due to a misconfigured NGINX alias. This can be exploited via the "api-third-party/download/extdisks../etc/config/account" endpoint, enabling attackers to bypass authentication. **Recommendations** For versions prior to 2.28.23-stable, update to version 2.28.23-stable or later to resolve the issue. As a temporary workaround, consider restricting access to the NGINX alias to minimize the risk of exploitation.