ID

VAR-202203-0258


CVE

CVE-2020-14111


TITLE

Mi AX3600 firmware: insufficient validation of data authenticity vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-017626

DESCRIPTION

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by insufficient inspection of incoming data. Attackers can exploit this vulnerability to execute code. The Mi AX3600 firmware contains insufficient validation of data authenticity. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Xiaomi Router AX3600 is a router from the Chinese company Xiaomi.

Trust: 2.16

sources: NVD: CVE-2020-14111 // JVNDB: JVNDB-2020-017626 // CNVD: CNVD-2022-47337

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-47337

AFFECTED PRODUCTS

vendor: mi, model: ax3600, scope: lt, version: 1.1.15

Trust: 1.0

vendor: mi, model: ax3600, scope: eq, version: ax3600 firmware 1.1.15

Trust: 0.8

vendor: mi, model: ax3600, scope: -, version: -

Trust: 0.8

vendor: mi, model: ax3600, scope: eq, version: -

Trust: 0.8

vendor: xiaomi, model: ax3600, scope: lt, version: 1.1.15

Trust: 0.6

sources: CNVD: CNVD-2022-47337 // JVNDB: JVNDB-2020-017626 // NVD: CVE-2020-14111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14111
value: HIGH

Trust: 1.0

NVD: CVE-2020-14111
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-47337
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202203-988
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-14111
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-47337
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14111
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-14111
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-47337 // JVNDB: JVNDB-2020-017626 // CNNVD: CNNVD-202203-988 // NVD: CVE-2020-14111

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.0

problemtype: Inadequate verification of data reliability (CWE-345) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-017626 // NVD: CVE-2020-14111

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-988

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202203-988

PATCH

title: Patch for Xiaomi Router AX3600 Command Injection Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/337186

Trust: 0.6

title: Xiaomi Router AX3600 repair measures for data forgery vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185713

Trust: 0.6

sources: CNVD: CNVD-2022-47337 // CNNVD: CNNVD-202203-988

EXTERNAL IDS

db: NVD, id: CVE-2020-14111

Trust: 3.8

db: JVNDB, id: JVNDB-2020-017626

Trust: 0.8

db: CNVD, id: CNVD-2022-47337

Trust: 0.6

db: CNNVD, id: CNNVD-202203-988

Trust: 0.6

sources: CNVD: CNVD-2022-47337 // JVNDB: JVNDB-2020-017626 // CNNVD: CNNVD-202203-988 // NVD: CVE-2020-14111

REFERENCES

url:https://trust.mi.com/zh-cn/misrc/bulletins/advisory?cveid=18

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14111

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2020-14111/

Trust: 0.6

sources: CNVD: CNVD-2022-47337 // JVNDB: JVNDB-2020-017626 // CNNVD: CNNVD-202203-988 // NVD: CVE-2020-14111

SOURCES

db: CNVD, id: CNVD-2022-47337
db: JVNDB, id: JVNDB-2020-017626
db: CNNVD, id: CNNVD-202203-988
db: NVD, id: CVE-2020-14111

LAST UPDATE DATE

2024-08-14T14:18:04.087000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-47337, date: 2022-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-017626, date: 2023-07-05T08:13:00
db: CNNVD, id: CNNVD-202203-988, date: 2022-03-16T00:00:00
db: NVD, id: CVE-2020-14111, date: 2022-03-12T02:53:46.310

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-47337, date: 2022-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-017626, date: 2023-07-05T00:00:00
db: CNNVD, id: CNNVD-202203-988, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2020-14111, date: 2022-03-10T17:41:16.523