CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45348 – Xiaomi Router AX9000 has a post-authorization command injection vulnerability
https://notcve.org/view.php?id=CVE-2024-45348
23 Sep 2024 — Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. Xiaomi Router AX9000 tiene una vulnerabilidad de inyección de comandos posterior a la autorización. Esta vulnerabilidad se debe a la falta de validación de la entrada del usuario y un atacante puede aprovecharla para ejecutar código arbitrario. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 35%CPEs: 1EXPL: 0CVE-2023-26315 – Xiaomi router has a command injection vulnerability after authorization
https://notcve.org/view.php?id=CVE-2023-26315
26 Aug 2024 — The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=546 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •