Vulnerabilities > MI > Ax3600 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2020-14111 Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12
A command injection vulnerability exists in the Xiaomi Router AX3600.
local
low complexity
mi CWE-345
7.8
2022-01-18 CVE-2020-14110 Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
local
low complexity
mi CWE-863
7.8
2021-09-16 CVE-2020-14109 Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
network
low complexity
mi CWE-77
7.2
2021-04-08 CVE-2020-14104 Race Condition vulnerability in MI Ax3600 Firmware 1.0.50
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
network
high complexity
mi CWE-362
8.1