Vulnerabilities > MI > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-01-13 | CVE-2020-14102 | Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware | There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. | network | low | mi CWE-77 | critical (9.0) |
| 2020-09-11 | CVE-2020-14100 | Improper Privilege Management vulnerability in MI R3600 Firmware | In Xiaomi router R3600 ROM version < 1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. | network | low | mi CWE-269 | critical (10.0) |
| 2018-11-27 | CVE-2018-16130 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 | System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter. | network | low | mi CWE-78 | critical (9.0) |
| 2018-11-27 | CVE-2018-13023 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 | System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | network | low | mi CWE-78 | critical (9.0) |
| 2018-07-15 | CVE-2018-14060 | OS Command Injection vulnerability in MI Xiaomi R3D Firmware | OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | network | low | mi CWE-78 | critical (10.0) |
| 2018-07-15 | CVE-2018-14010 | OS Command Injection vulnerability in MI products | OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | network | low | mi CWE-78 | critical (10.0) |