Vulnerabilities > CVE-2020-14110 - Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

CWE-863

NVD

Published: 2022-01-18

Updated: 2022-01-24

Summary

AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.

Vulnerable Configurations

Part	Description	Count
OS	Mi MI Ax3600 Firmware - MI Ax3600 Firmware 1.0.50	2
Hardware	Mi MI Ax3600 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=40