Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-16130 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13023 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13022 | Cross-site Scripting vulnerability in MI Miwifi OS 2.22.15 Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | 6.1 |
| 2018-11-14 | CVE-2018-6065 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-09-05 | CVE-2018-16307 | Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50 An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. | 7.5 |
| 2018-07-15 | CVE-2018-14060 | OS Command Injection vulnerability in MI Xiaomi R3D Firmware OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | 9.8 |
| 2018-07-15 | CVE-2018-14010 | OS Command Injection vulnerability in MI products OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | 9.8 |