Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26317

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.

Published

2023-08-02T14:15:10.407

Last Modified

2024-11-21T07:51:06.780

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mi	xiaomi_router_firmware	< 2023.2	Yes

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529 Vendor Advisory ([email protected])
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)