First published: Wed Jun 24 2020(Updated: )
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
Credit: security@xiaomi.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mi Xiaomi R3600 Firmware | <1.0.20 | |
Mi Xiaomi R3600 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-14094.
The severity of CVE-2020-14094 is critical with a CVSS score of 9.8.
The Xiaomi router model R3600 with ROM version<1.0.20 is affected by CVE-2020-14094.
The connection service can be injected through the web interface in Xiaomi router R3600 ROM version<1.0.20, resulting in stack overflow or remote code execution.
Upgrading the Xiaomi router firmware to version 1.0.20 or higher will fix CVE-2020-14094.