OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-15T03:00:00

Updated: 2024-08-05T09:21:40.955Z

Reserved: 2018-07-12T00:00:00

Link: CVE-2018-14010

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-07-15T03:29:00.227

Modified: 2018-09-12T14:33:21.917

Link: CVE-2018-14010

cve-icon Redhat

No data.