Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-14140

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.

Published

2023-03-29T20:15:07.087

Last Modified

2025-02-18T18:15:09.703

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-306
Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mi	xiaomi_router_firmware	< 2023.2	Yes

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506 Vendor Advisory ([email protected])
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)