CVE-2020-14102

Summary

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Affected Software

VendorProductVersion RangeStatus
n/aXiaomi router AX1800Xiaomi router AX1800rom version < 1.0.336affected
n/aXiaomi route RM1800Xiaomi route RM1800 root version < 1.0.26affected

Weaknesses

  • command injection

ADP Enrichment

CVE Program Container

Additional References

References