CVE-2020-14140

Summary

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.

Affected Software

VendorProductVersion RangeStatus
n/aXiaomi Multiple DevicesXiaomi Multiple Devices, firmware update time in 2020-2022affected

Weaknesses

  • Unauthenticated API that can reveal WIFI password vulnerability

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References