Vulnerabilities > MI > Ax3600 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2020-14111 Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12
A command injection vulnerability exists in the Xiaomi Router AX3600.
local
low complexity
mi CWE-345
7.8
2022-03-10 CVE-2020-14115 Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50
A command injection vulnerability exists in the Xiaomi Router AX3600.
network
low complexity
mi CWE-345
critical
9.8
2022-01-18 CVE-2020-14110 Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
local
low complexity
mi CWE-863
7.8
2021-09-16 CVE-2020-14124 Classic Buffer Overflow vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
network
low complexity
mi CWE-120
critical
9.8
2021-09-16 CVE-2020-14109 Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
network
low complexity
mi CWE-77
7.2
2021-04-08 CVE-2020-14104 Race Condition vulnerability in MI Ax3600 Firmware 1.0.50
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
network
high complexity
mi CWE-362
8.1