Mi: Security Vulnerabilities
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection of incoming data. Attackers can exploit this vulnerability to execute code.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-10
An information leak vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-03-10
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection of incoming data. Attackers can exploit this vulnerability to execute code.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-03-10
A stack overflow in the HTTP server of Cast can be exploited to make the app crash in the LAN.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-18
Sensitive information is leaked on the AX3600 router. There is an unauthorized interface through luci that can be used to obtain sensitive information and log in to the web background.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-01-18
There is a command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with ROM version < 1.1.12.
CVSS Score
9.8
EPSS Score
0.037
Published
2021-09-16
There is a buffer overflow in librsa.so, called by the getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =< 1.1.12.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-09-16
There is a command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12.
CVSS Score
7.2
EPSS Score
0.01
Published
2021-09-16
Some JS interfaces in the Xiaomi community app were exposed, causing sensitive functions to be maliciously called. Affected version: < 3.0.210809.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-09-16
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-07

