Command Injection Vulnerability in Xiaomi Router AX3600 (rom< 1.1.12) - Remote Code Execution

Command Injection Vulnerability in Xiaomi Router AX3600 (rom< 1.1.12) - Remote Code Execution

CVE-2020-14119 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12

Learn more about our Network Penetration Testing.