Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-08 | CVE-2020-14099 | Use of Hard-coded Credentials vulnerability in MI Ax1800 Firmware and Rm1800 Firmware On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | 7.5 |
| 2021-01-13 | CVE-2020-14102 | Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. | 7.2 |
| 2021-01-13 | CVE-2020-14101 | Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The data collection SDK of the router web management interface caused the leakage of the token. | 7.5 |
| 2021-01-13 | CVE-2020-14098 | Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. | 7.5 |
| 2021-01-13 | CVE-2020-14097 | Unspecified vulnerability in MI Redmi AX6 Firmware Wrong nginx configuration, causing specific paths to be downloaded without authorization. | 7.5 |
| 2020-09-11 | CVE-2020-14100 | Command Injection vulnerability in MI R3600 Firmware In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. | 9.8 |
| 2020-09-11 | CVE-2020-14096 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MI Xiaomi AI Speaker Firmware Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. | 9.8 |
| 2020-06-24 | CVE-2020-11961 | Missing Authentication for Critical Function vulnerability in MI Xiaomi R3600 Firmware Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication | 7.5 |
| 2020-06-24 | CVE-2020-11960 | Unspecified vulnerability in MI Xiaomi R3600 Firmware Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS | 9.8 |
| 2020-06-24 | CVE-2020-11959 | Unspecified vulnerability in MI Xiaomi R3600 Firmware An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. | 7.5 |