PT-2018-13414 · Xiaomi · Xiaomi Mi Router 3

Published

2018-11-27

Updated

2019-10-03

CVE-2018-16130

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Xiaomi Mi Router 3 version 2.22.15

Description The issue allows attackers to execute arbitrary system commands via the payload variable in the request mitv function. This can be achieved by manipulating the "payload" URL parameter.

Recommendations For Xiaomi Mi Router 3 version 2.22.15, consider restricting access to the request mitv function until a patch is available. As a temporary workaround, avoid using the payload variable in the affected URL parameter to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-16130

Affected Products

Xiaomi Mi Router 3

PT-2018-13414 · Xiaomi · Xiaomi Mi Router 3

CVE-2018-16130

Weakness Enumeration

Related Identifiers

Affected Products

References · 3