ID
VAR-202101-0064
CVE
CVE-2020-14102
TITLE
Xiaomi router AX1800rom and Xiaomi route RM1800 root Command injection vulnerability
Trust: 0.8
DESCRIPTION
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. Xiaomi router AX1800rom and Xiaomi route RM1800 root Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Xiaomi AX1800 is a router from Xiaomi, a Chinese company. Xiaomi AX1800 and others have a command injection vulnerability, which can be exploited by attackers to submit special requests, inject arbitrary OS commands and execute them
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | mi | model: | rm1800 | scope: | lt | version: | 1.0.26 | Trust: 1.0 |
| vendor: | mi | model: | ax1800 | scope: | lt | version: | 1.0.336 | Trust: 1.0 |
| vendor: | xiaomi | model: | mi rm1800 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | xiaomi | model: | mi ax1800 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | xiaomi | model: | ax1800 rom | scope: | lt | version: | 1.0.336 | Trust: 0.6 |
| vendor: | xiaomi | model: | rm1800 root | scope: | lt | version: | 1.0.26 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
command injection
Trust: 0.6
PATCH
| title: | Top Page | url: | https://trust.mi.com/en | Trust: 0.8 |
| title: | Patch for Xiaomi AX1800 and other command injection vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/674541 | Trust: 0.6 |
| title: | Xiaomi AX1800 Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139062 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-14102 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2020-015374 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-06302 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202101-956 | Trust: 0.6 |
REFERENCES
| url: | https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=23&locale=en | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-14102 | Trust: 1.4 |
SOURCES
| db: | CNVD | id: | CNVD-2025-06302 |
| db: | JVNDB | id: | JVNDB-2020-015374 |
| db: | CNNVD | id: | CNNVD-202101-956 |
| db: | NVD | id: | CVE-2020-14102 |
LAST UPDATE DATE
2025-04-03T22:17:20.324000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-06302 | date: | 2025-04-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015374 | date: | 2021-09-17T07:58:00 |
| db: | CNNVD | id: | CNNVD-202101-956 | date: | 2021-01-21T00:00:00 |
| db: | NVD | id: | CVE-2020-14102 | date: | 2024-11-21T05:02:39.053 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-06302 | date: | 2025-04-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015374 | date: | 2021-09-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-956 | date: | 2021-01-13T00:00:00 |
| db: | NVD | id: | CVE-2020-14102 | date: | 2021-01-13T23:15:13.260 |