CVE-2023-26317 HIGH

CVE-2023-26317: Xiaomi router external request interface has command injection

Vendor Xiaomi

Product Xiaomi router

Weakness CWE-78

Published August 2, 2023

Last update October 16, 2024

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.

Key dates

02Disclosure timeline

August 2, 2023 CVE published

October 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-26317 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2023-26317

CWE CWE-78

CVSS 7.0 / HIGH

Affected versions