Arbitrary System Command Execution in Xiaomi Mi Router 3 (v2.22.15) via request_mitv Vulnerability
CVE-2018-16130 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
Learn more about our Web Application Penetration Testing UK.