Mi Ax3600 Firmware vulnerabilities
6 known vulnerabilities affecting mi/ax3600_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4
Vulnerabilities
Page 1 of 1
CVE-2020-14115P2CRITICALCVSS 9.8fixed in 1.0.672022-03-10
CVE-2020-14115 [CRITICAL] CWE-345 CVE-2020-14115: A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
nvd
CVE-2020-14124P3CRITICALCVSS 9.8≤ 1.1.122021-09-16
CVE-2020-14124 [CRITICAL] CWE-120 CVE-2020-14124: There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code executi
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
nvd
CVE-2020-14109P3HIGHCVSS 7.2≤ 1.1.122021-09-16
CVE-2020-14109 [HIGH] CWE-77 CVE-2020-14109: There is command injection in the meshd program in the routing system, resulting in command executio
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
nvd
CVE-2020-14111P3HIGHCVSS 7.8fixed in 1.1.152022-03-10
CVE-2020-14111 [HIGH] CWE-345 CVE-2020-14111: A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
nvd
CVE-2020-14104P3HIGHCVSS 8.1≤ 1.0.502021-04-08
CVE-2020-14104 [HIGH] CWE-362 CVE-2020-14104: A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM vers
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
nvd
CVE-2020-14110P4HIGHCVSS 7.8fixed in 1.0.672022-01-18
CVE-2020-14110 [HIGH] CWE-863 CVE-2020-14110: AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
nvd