HIGH🇵🇱 Wersja polska

CVE-2020-14099

CVSS 7.5v3.1pub. 2021-04-08upd. 2024-11-21

On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Mi Ax1800

    HW
    Mi
    wszystkie wersje
  • Mi Ax1800 Firmware

    OS
    Mi
    < 1.0.336
  • Mi Rm1800

    HW
    Mi
    wszystkie wersje
  • Mi Rm1800 Firmware

    OS
    Mi
    < 1.0.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-14098HIGH7.5ten sam produkt

The login verification can be bypassed by using the problem that the time is not synchronized after the router...

CVE-2020-14101HIGH7.5ten sam produkt

The data collection SDK of the router web management interface caused the leakage of the token. This affects X...

CVE-2020-14102HIGH7.2ten sam produkt

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the...

CVE-2024-4405CRITICAL9.6PL ✓ten sam vendor

XSS umożliwiający RCE w Xiaomi 13 Pro — plik manual-upgrade.html

CVE-2024-4406CRITICAL9.6PL ✓ten sam vendor

XSS umożliwiający RCE w aplikacji GetApps na Xiaomi 13 Pro

CVE-2020-14099 — Mi — Ax1800 — HIGH — CVSS 7.5 | CVEbaza.pl