
CVE-2018-16307

Published: 05/09/2018 Updated: 14/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An "Out-of-band resource load" issue exists on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
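A mitigation sketch for the behaviour described above, as an added example that is not code from the device, the vendor or this advisory: the Host header is normalized and checked against an allow-list before anything server-side acts on it, and requests outside the list are flagged. The allow-list entries, function names and sample requests are assumptions constructed for illustration.

```python
import ipaddress
# Assumed values for illustration; not taken from the device or its firmware.
ALLOWED_HOSTS = {"router.example", "192.168.1.1"}
BAD_CHARS = set("/@\\?#")

def normalize_host(value):
    """Return the lowercase host part of a Host header, or None if malformed."""
    if not value or not value.isascii():
        return None
    if any(c.isspace() or c in BAD_CHARS for c in value):
        return None
    if value.startswith("["):  # IPv6 literal: [addr] or [addr]:port
        end = value.find("]")
        if end == -1:
            return None
        try:
            host = str(ipaddress.IPv6Address(value[1:end]))
        except ValueError:
            return None
        rest = value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        host, rest = host.rstrip(".").lower(), sep + port
    if rest:  # anything after the host must be ":<port>" with a valid port
        port = rest[1:]
        if rest[0] != ":" or not port.isdigit() or not 0 < int(port) < 65536:
            return None
    return host or None

def host_is_allowed(value, allowed=ALLOWED_HOSTS):
    host = normalize_host(value)
    return host is not None and host in allowed

def flag_requests(requests, allowed=ALLOWED_HOSTS):
    """Return the requests whose Host header falls outside the allow-list."""
    return [r for r in requests if not host_is_allowed(r.get("host"), allowed)]

# Constructed sample requests, not captured traffic.
SAMPLE = [
    {"id": 1, "host": "192.168.1.1"},
    {"id": 2, "host": "Router.Example.:80"},
    {"id": 3, "host": "k3j9x2q.collab.example"},
    {"id": 4, "host": "192.168.1.1@k3j9x2q.collab.example"},
    {"id": 5, "host": None},
]

if __name__ == "__main__":
    for r in flag_requests(SAMPLE):
        print("reject", r["id"], r["host"])
```

The same check works as a detection rule over proxy or access logs: any request to the management interface whose Host value is not one of the device's own names is worth reviewing.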

Vulnerable Product

mi xiaomi_miwifi_xiaomi_55dd_firmware 2.8.50

Exploits

An out-of-band resource load issue was discovered on Xiaomi MIWiFi Xiaomi_55DD version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs a ...