Search criteria
8 vulnerabilities found for rm1800_firmware by mi
CVE-2020-14099 (GCVE-0-2020-14099)
Vulnerability from nvd – Published: 2021-04-08 17:52 – Updated: 2024-08-04 12:39
VLAI?
Summary
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi Router AX1800,Xiaomi Rourer RM1800 |
Affected:
Xiaomi Router AX1800 rom version < 1.0.336, Xiaomi Router RM1800 root version < 1.0.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi Router AX1800,Xiaomi Rourer RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi Router AX1800 rom version \u003c 1.0.336, Xiaomi Router RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Xiaomi router AX1800 rom version \u003c 1.0.336 and RM1800 root version \u003c 1.0.26, the encryption scheme for a user\u0027s backup files uses hard-coded keys, which can expose sensitive information such as a user\u0027s password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-08T17:52:45",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi Router AX1800,Xiaomi Rourer RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi Router AX1800 rom version \u003c 1.0.336, Xiaomi Router RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Xiaomi router AX1800 rom version \u003c 1.0.336 and RM1800 root version \u003c 1.0.26, the encryption scheme for a user\u0027s backup files uses hard-coded keys, which can expose sensitive information such as a user\u0027s password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14099",
"datePublished": "2021-04-08T17:52:45",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14102 (GCVE-0-2020-14102)
Vulnerability from nvd – Published: 2021-01-13 22:33 – Updated: 2024-08-04 12:39
VLAI?
Summary
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Severity ?
No CVSS data available.
CWE
- command injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | Xiaomi router AX1800 |
Affected:
Xiaomi router AX1800rom version < 1.0.336
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi router AX1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
},
{
"product": "Xiaomi route RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:33:05",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi router AX1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
}
},
{
"product_name": "Xiaomi route RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14102",
"datePublished": "2021-01-13T22:33:05",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14101 (GCVE-0-2020-14101)
Vulnerability from nvd – Published: 2021-01-13 22:25 – Updated: 2024-08-04 12:39
VLAI?
Summary
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | Xiaomi router AX1800 |
Affected:
Xiaomi router AX1800rom version < 1.0.336
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi router AX1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
},
{
"product": "Xiaomi route RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:25:07",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi router AX1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
}
},
{
"product_name": "Xiaomi route RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14101",
"datePublished": "2021-01-13T22:25:07",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14098 (GCVE-0-2020-14098)
Vulnerability from nvd – Published: 2021-01-13 22:30 – Updated: 2024-08-04 12:39
VLAI?
Summary
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | Xiaomi router AX1800 |
Affected:
Xiaomi router AX1800rom version < 1.0.336
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi router AX1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
},
{
"product": "Xiaomi route RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:30:41",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi router AX1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
}
},
{
"product_name": "Xiaomi route RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14098",
"datePublished": "2021-01-13T22:30:41",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14099 (GCVE-0-2020-14099)
Vulnerability from cvelistv5 – Published: 2021-04-08 17:52 – Updated: 2024-08-04 12:39
VLAI?
Summary
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi Router AX1800,Xiaomi Rourer RM1800 |
Affected:
Xiaomi Router AX1800 rom version < 1.0.336, Xiaomi Router RM1800 root version < 1.0.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi Router AX1800,Xiaomi Rourer RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi Router AX1800 rom version \u003c 1.0.336, Xiaomi Router RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Xiaomi router AX1800 rom version \u003c 1.0.336 and RM1800 root version \u003c 1.0.26, the encryption scheme for a user\u0027s backup files uses hard-coded keys, which can expose sensitive information such as a user\u0027s password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-08T17:52:45",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi Router AX1800,Xiaomi Rourer RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi Router AX1800 rom version \u003c 1.0.336, Xiaomi Router RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Xiaomi router AX1800 rom version \u003c 1.0.336 and RM1800 root version \u003c 1.0.26, the encryption scheme for a user\u0027s backup files uses hard-coded keys, which can expose sensitive information such as a user\u0027s password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14099",
"datePublished": "2021-04-08T17:52:45",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14102 (GCVE-0-2020-14102)
Vulnerability from cvelistv5 – Published: 2021-01-13 22:33 – Updated: 2024-08-04 12:39
VLAI?
Summary
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Severity ?
No CVSS data available.
CWE
- command injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | Xiaomi router AX1800 |
Affected:
Xiaomi router AX1800rom version < 1.0.336
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi router AX1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
},
{
"product": "Xiaomi route RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:33:05",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi router AX1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
}
},
{
"product_name": "Xiaomi route RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23\u0026locale=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14102",
"datePublished": "2021-01-13T22:33:05",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14098 (GCVE-0-2020-14098)
Vulnerability from cvelistv5 – Published: 2021-01-13 22:30 – Updated: 2024-08-04 12:39
VLAI?
Summary
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | Xiaomi router AX1800 |
Affected:
Xiaomi router AX1800rom version < 1.0.336
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi router AX1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
},
{
"product": "Xiaomi route RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:30:41",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi router AX1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
}
},
{
"product_name": "Xiaomi route RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22\u0026locale=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14098",
"datePublished": "2021-01-13T22:30:41",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14101 (GCVE-0-2020-14101)
Vulnerability from cvelistv5 – Published: 2021-01-13 22:25 – Updated: 2024-08-04 12:39
VLAI?
Summary
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | Xiaomi router AX1800 |
Affected:
Xiaomi router AX1800rom version < 1.0.336
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi router AX1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
},
{
"product": "Xiaomi route RM1800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:25:07",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi router AX1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi router AX1800rom version \u003c 1.0.336"
}
]
}
},
{
"product_name": "Xiaomi route RM1800",
"version": {
"version_data": [
{
"version_value": "Xiaomi route RM1800 root version \u003c 1.0.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version \u003c 1.0.336 and Xiaomi route RM1800 root version \u003c 1.0.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=24\u0026locale=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14101",
"datePublished": "2021-01-13T22:25:07",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}