PT-2020-12203 · Xiaomi · Xiaomi Mi Jia Ink-Jet Printer

Published: 2020-06-24 · Updated: 2021-07-21 · CVE-2020-10561

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xiaomi Mi Jia ink-jet printer versions prior to 3.4.6 0138

Description

An issue was discovered in the Xiaomi Mi Jia ink-jet printer: injecting parameters to the ippserver through the web management background results in command execution.

Recommendations

For versions prior to 3.4.6 0138, update to version 3.4.6 0138 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management background to minimize the risk of exploitation. Avoid using the ippserver parameter in the affected API endpoint until the issue is resolved.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-10561

Affected Products

Xiaomi Mi Jia Ink-Jet Printer