PT-2020-19821 · Xiaomi · Miplatform

Published

2020-07-17

Updated

2020-07-23

CVE-2020-7825

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MiPlatform versions prior to 2019.05.16

Description A vulnerability exists that could allow the execution of operating system commands. An attacker could execute arbitrary remote commands by sending parameters to the WinExec function in the ExtCommandApi.dll module.

Recommendations For versions prior to 2019.05.16, consider restricting access to the ExtCommandApi.dll module to minimize the risk of exploitation. As a temporary workaround, avoid using the WinExec function until a patch is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-7825

Affected Products

Miplatform

PT-2020-19821 · Xiaomi · Miplatform

CVE-2020-7825

Weakness Enumeration

Related Identifiers

Affected Products

References · 3