router CVE-2018-14010 CVE-2018-14060
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mi xiaomi_r3p_firmware |
||
mi xiaomi_r3c_firmware |
||
mi xiaomi_r3d_firmware |
||
mi xiaomi_r3 |