Vulnerabilities > MI > Ax1800 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-08 CVE-2020-14099 Use of Hard-coded Credentials vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
network
low complexity
mi CWE-798
7.5
2021-01-13 CVE-2020-14102 Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router.
network
low complexity
mi CWE-77
7.2
2021-01-13 CVE-2020-14101 Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
The data collection SDK of the router web management interface caused the leakage of the token.
network
low complexity
mi
7.5
2021-01-13 CVE-2020-14098 Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts.
network
low complexity
mi CWE-662
7.5