Filtered by vendor Mi Subscriptions
Filtered by product Ax3600 Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-14124 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 9.8 Critical
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
CVE-2020-14119 1 Mi 1 Ax3600 2024-11-21 9.8 Critical
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
CVE-2020-14115 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 9.8 Critical
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
CVE-2020-14111 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 7.8 High
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
CVE-2020-14110 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 7.8 High
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
CVE-2020-14109 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 7.2 High
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
CVE-2020-14104 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 8.1 High
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.