CVE-2024-45348
Xiaomi Router AX9000 has a post-authorization command injection vulnerability
Severity Score
6.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
Xiaomi Router AX9000 tiene una vulnerabilidad de inyección de comandos posterior a la autorización. Esta vulnerabilidad se debe a la falta de validación de la entrada del usuario y un atacante puede aprovecharla para ejecutar código arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-28 CVE Reserved
- 2024-09-23 CVE Published
- 2024-09-23 CVE Updated
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
- CAPEC-108: Command Line Execution through SQL Injection
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xiaomi Search vendor "Xiaomi" | Xiaomi Router AX9000 Search vendor "Xiaomi" for product "Xiaomi Router AX9000" | 1.0.173 Search vendor "Xiaomi" for product "Xiaomi Router AX9000" and version "1.0.173" | en |
Affected
| ||||||