PT-2020-4298 · Xiaomi · Xiaomi R3600

Published

2020-09-11

Updated

2021-07-21

CVE-2020-14100

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Xiaomi R3600 ROM version prior to 1.0.66

Description: The issue is related to insufficient input validation in the set WAN6 interface of the Xiaomi R3600 router's firmware, allowing filters to be bypassed. This can lead to remote code execution, enabling an attacker to gain root access to the router. An attacker can exploit this issue by sending specially crafted network packets to the targeted system.

Recommendations: For versions prior to 1.0.66, update to version 1.0.66 or later to resolve the issue. As a temporary workaround, consider restricting access to the set WAN6 interface until a patch is available.

Fix

Command Injection

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-269

Related Identifiers

BDU:2020-04791

CVE-2020-14100

Affected Products

Xiaomi R3600

PT-2020-4298 · Xiaomi · Xiaomi R3600

CVE-2020-14100

Weakness Enumeration

Related Identifiers

Affected Products

References · 5