CVE-2020-14140: Command Injection
First published: Wed Mar 29 2023(Updated: )
When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.
Credit: security@xiaomi.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mi Xiaomi Router Firmware | >=2020<2023.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-14140?
CVE-2020-14140 is a vulnerability in Xiaomi router firmware that allows unauthenticated access to a specific API and exposes the WiFi password.
How severe is CVE-2020-14140?
CVE-2020-14140 has a severity value of 7.5, which is considered high.
How does CVE-2020-14140 occur?
CVE-2020-14140 occurs due to the lack of access control policies on certain API interfaces in Xiaomi router firmware.
What is the affected software by CVE-2020-14140?
The affected software is Mi Xiaomi Router Firmware with versions between 2020 and 2023.2.
How can the CVE-2020-14140 vulnerability be exploited?
Attackers can exploit the CVE-2020-14140 vulnerability to gain unauthorized access to the router's background and execute malicious actions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/mi
- canonical/mi xiaomi router firmware
- version/mi xiaomi router firmware/2020