CVE-2018-14060

Sažetak

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

Reference

http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520
https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-09-2018 - 14:30

Objavljeno

15-07-2018 - 03:29