CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16307

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html
http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html

Products affected by CVE-2018-16307

Mi » Xiaomi Miwifi Xiaomi 55dd » Version: N/A

cpe:2.3:h:mi:xiaomi_miwifi_xiaomi_55dd:-
Mi » Xiaomi Miwifi Xiaomi 55dd Firmware » Version: 2.8.50

cpe:2.3:o:mi:xiaomi_miwifi_xiaomi_55dd_firmware:2.8.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16307

Products

Pricing

Contact Us