|
211071
|
9.8 |
CRITICAL
Network
|
mi
|
ax3600_firmware
|
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to exec…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-14115
|
2024-11-21 14:02 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211072
|
5.3 |
MEDIUM
Network
|
mi
|
ax6000_firmware
|
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the fil…
|
CWE-200
Information Exposure
|
CVE-2020-14112
|
2024-11-21 14:02 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211073
|
7.8 |
HIGH
Local
|
mi
|
ax3600_firmware
|
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to exec…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-14111
|
2024-11-21 14:02 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211074
|
7.8 |
HIGH
Local
|
mi
|
ax3600_firmware
|
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14110
|
2024-11-21 14:02 |
2022-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211075
|
7.5 |
HIGH
Network
|
mi
|
xiaomi_mirror_screen
|
A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14107
|
2024-11-21 14:02 |
2022-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211076
|
3.9 |
LOW
Physics
|
hcltech
|
traveler_companion
|
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-14264
|
2024-11-21 14:02 |
2021-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211077
|
3.9 |
LOW
Physics
|
hcltech
|
traveler_companion
|
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-14263
|
2024-11-21 14:02 |
2021-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211078
|
9.8 |
CRITICAL
Network
|
mi
|
ax3600_firmware
|
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-14124
|
2024-11-21 14:02 |
2021-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211079
|
9.8 |
CRITICAL
Network
|
mi
|
ax3600
|
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
|
CWE-77
Command Injection
|
CVE-2020-14119
|
2024-11-21 14:02 |
2021-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211080
|
5.3 |
MEDIUM
Network
|
mi
|
xiaomi
|
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-14130
|
2024-11-21 14:02 |
2021-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
