CVE-2023-26315

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xiaomi router AX9000 versions all

Description The issue is a post-authentication command injection vulnerability caused by the lack of input filtering, allowing an attacker to obtain root access to the device.

Recommendations Update to the latest firmware version to secure the device. As a temporary workaround, consider restricting access to the device until a patch is available.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2023-26315

Affected Products

Xiaomi Router Ax9000

CVE-2023-26315

Weakness Enumeration

Related Identifiers

Affected Products

References · 11