PT-2018-11543 · Xiaomi · Xiaomi Mi Router 3

Published

2018-11-27

Updated

2019-10-03

CVE-2018-13023

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Xiaomi Mi Router 3 version 2.22.15

Description A system command injection issue exists, allowing attackers to execute system commands. This is achieved via the timeout URL parameter in the wifi access functionality.

Recommendations For version 2.22.15, consider restricting access to the wifi access functionality until a patch is available. As a temporary workaround, avoid using the timeout parameter in the affected URL to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-13023

Affected Products

Xiaomi Mi Router 3

PT-2018-11543 · Xiaomi · Xiaomi Mi Router 3

CVE-2018-13023

Weakness Enumeration

Related Identifiers

Affected Products

References · 3