Mi Xiaomi R3D Firmware vulnerabilities
2 known vulnerabilities affecting mi/xiaomi_r3d_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2018-14060P2CRITICALCVSS 9.8fixed in 2.26.42018-07-15
CVE-2018-14060 [CRITICAL] CWE-78 CVE-2018-14060: OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifia
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
nvd
CVE-2018-14010P2CRITICALCVSS 9.8fixed in 2.26.42018-07-15
CVE-2018-14010 [CRITICAL] CWE-78 CVE-2018-14010: OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
nvd