CVE-2018-14010
 
- Severity Score: 9.8 (CVSS v3)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
Credits: N/A
Timeline
- 2018-07-12 CVE Reserved
- 2018-07-15 CVE Published
- 2023-12-05 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (2)
URL | Tag | Source |
---|---|---|
http://www.cnvd.org.cn/flaw/show/CNVD-2018-04521 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/cc-crack/router/blob/master/CNVD-2018-04521.py | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Mi | Xiaomi R3p Firmware | < 2.14.5 | - | Affected | in | Mi | Xiaomi R3p | - | - | Safe |
Mi | Xiaomi R3c Firmware | < 2.12.15 | - | Affected | in | Mi | Xiaomi R3c | - | - | Safe |
Mi | Xiaomi R3d Firmware | < 2.26.4 | - | Affected | in | Mi | Xiaomi R3d | - | - | Safe |
Mi | Xiaomi R3 | < 2.22.15 | - | Affected | in | Mi | Xiaomi R3 | - | - | Safe |