Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
History

Mon, 25 Nov 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Mi ax9000
CPEs cpe:2.3:h:mi:ax9000:-:*:*:*:*:*:*:*
Vendors & Products Mi ax9000

Mon, 23 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Mi
Mi ax9000 Firmware
CPEs cpe:2.3:o:mi:ax9000_firmware:*:*:*:*:*:*:*:*
Vendors & Products Mi
Mi ax9000 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Sep 2024 09:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77

Mon, 23 Sep 2024 08:45:00 +0000

Type Values Removed Values Added
Description Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
Title Xiaomi Router AX9000 has a post-authorization command injection vulnerability
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Xiaomi

Published: 2024-09-23T08:25:47.868Z

Updated: 2024-09-23T15:36:16.866Z

Reserved: 2024-08-28T02:24:34.837Z

Link: CVE-2024-45348

cve-icon Vulnrichment

Updated: 2024-09-23T15:36:11.555Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-23T09:15:02.960

Modified: 2024-11-25T17:14:11.713

Link: CVE-2024-45348

cve-icon Redhat

No data.