When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.
References
Link | Resource |
---|---|
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Xiaomi
Published: 2023-03-29T00:00:00
Updated: 2023-03-29T00:00:00
Reserved: 2020-06-15T00:00:00
Link: CVE-2020-14140
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-29T20:15:07.087
Modified: 2023-04-06T17:48:53.503
Link: CVE-2020-14140
JSON object: View
Redhat Information
No data.
CWE