CVE-2020-14100 - OpenCVE

In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mi	R3600 R3600 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mi:r3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mi:r3600:-:*:*:*:*:*:*:*

References

Link	Resource
https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=20&locale=en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Xiaomi

Published: 2020-09-11T13:42:01

Updated: 2020-09-11T13:42:01

Reserved: 2020-06-15T00:00:00

Link: CVE-2020-14100

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-11T14:15:11.270

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-14100

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:r3600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4BAC5A8-434F-48EA-8F5F-34B50BBF488D", "versionEndExcluding": "1.0.66", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:r3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "65105757-9C36-4FEB-B425-A0C989EF0DE2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability."}, {"lang": "es", "value": "En el enrutador Xiaomi R3600 ROM versiones anteriores a 1.0.66, los filtros en la interfaz set_WAN6 pueden ser omitidos, causando una ejecuci\u00f3n de c\u00f3digo remota. El administrador del enrutador puede conseguir acceso root a partir de esta vulnerabilidad"}], "id": "CVE-2020-14100", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-11T14:15:11.270", "references": [{"source": "security@xiaomi.com", "tags": ["Vendor Advisory"], "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=20&locale=en"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}