Vulnerabilities > MI > Xiaomi R3D Firmware > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-15 | CVE-2018-14010 | OS Command Injection vulnerability in MI products OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | 9.8 |
2018-07-15 | CVE-2018-14060 | OS Command Injection vulnerability in MI Xiaomi R3D Firmware OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | 9.8 |