CVE-2024-45348 MEDIUM

CVE-2024-45348: Xiaomi Router AX9000 has a post-authorization command injection vulnerability

Vendor: Xiaomi
Product: Xiaomi Router AX9000
Weakness: CWE-77
Published: September 23, 2024
Last update: March 27, 2025

CVSS base score

6.4/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.

Key dates

02 Disclosure timeline

September 23, 2024: CVE published
March 27, 2025: Record updated