Free Trial

CVE-2023-26317 : XIAOMI ROUTER EXTERNAL INTERFACE COMMAND INJECTION

Description

A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529

For More Information

MITRE

Common Vulnerabilityies and Exposures

CVE-2023-26317 : XIAOMI ROUTER EXTERNAL INTERFACE COMMAND INJECTION
CVE-2023-26317 : XIAOMI ROUTER EXTERNAL INTERFACE COMMAND INJECTION

Contact us to get started

CVE-2024-20329 : CISCO ASA UP TO 9.19.1.18 EXPRESSION/COMMAND DELIMITERS

CVE-2024-20329 : CISCO ASA UP TO 9.19.1.18 EXPRESSION/COMMAND DELIMITERS

Description A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker

Learn more
CVE-2024-47575 : FONTINET FORTIMANAGER UP TO 7.6.0 REQUEST MISSING AUTHENTICATION

CVE-2024-47575 : FONTINET FORTIMANAGER UP TO 7.6.0 REQUEST MISSING AUTHENTICATION

Description A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0

Learn more
CVE-2024-47901 : SIEMENS INTERMESH 7177 HYBRID 2.0 SUBSCRIBER PRIOR 8.2.12 WEB SERVER OS COMMAND INJECTION

CVE-2024-47901 : SIEMENS INTERMESH 7177 HYBRID 2.0 SUBSCRIBER PRIOR 8.2.12 WEB SERVER OS COMMAND INJECTION

Description A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber

Learn more