POC-EXP 漏洞 备注 Drupal Drupalgeddon 2 远程代码执行漏洞(CVE-2018-7600) 复现分析 小米系列路由器漏洞(CVE-2019-18371/CVE-2019-18370) 漏洞报告
An issue exists on Xiaomi Mi WiFi R3G devices prior to 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mi millet_router_3g_firmware |