Xiaomi R3 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-14095	1 Mi	2 Xiaomi R3600, Xiaomi R3600 Firmware	2024-11-21	9.8 Critical
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
CVE-2020-14094	1 Mi	2 Xiaomi R3600, Xiaomi R3600 Firmware	2024-11-21	9.8 Critical
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
CVE-2020-11961	1 Mi	2 Xiaomi R3600, Xiaomi R3600 Firmware	2024-11-21	7.5 High
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
CVE-2020-11960	1 Mi	2 Xiaomi R3600, Xiaomi R3600 Firmware	2024-11-21	9.8 Critical
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS
CVE-2020-11959	1 Mi	2 Xiaomi R3600, Xiaomi R3600 Firmware	2024-11-21	7.5 High
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
CVE-2018-14060	1 Mi	2 Xiaomi R3d, Xiaomi R3d Firmware	2024-11-21	N/A
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
CVE-2018-14010	1 Mi	7 Xiaomi R3, Xiaomi R3c, Xiaomi R3c Firmware and 4 more	2024-11-21	N/A
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

Page 1 of 1.