Vulnerabilities > CVE-2020-11960 - Unspecified vulnerability in MI Xiaomi R3600 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2020-06-24

Updated: 2020-06-30

Summary

Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS

Vulnerable Configurations

Part	Description	Count
OS	Mi MI Xiaomi R3600 Firmware *	1
Hardware	Mi MI Xiaomi R3600 -	1

References

https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=15