
CVE-2019-18370

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.0730%
EPSS Percentile: 29.65th
Published: Oct 23, 2019
Last Modified: Nov 21, 2024

Vulnerability Description

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.

Affected Platforms (CPE)

Mi Millet Router 3g Firmware < 2.28.23

References & Advisories

Related Vulnerabilities