CVE-2020-14119

Summary

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12

Affected Software

VendorProductVersion RangeStatus
n/aXiaomi Router AX3600Xiaomi RouterAX3600 rom versionrom< 1.1.12affected

Weaknesses

  • leads to command execution under administrator authority

ADP Enrichment

CVE Program Container

Additional References

References