ID

VAR-202203-0259


CVE

CVE-2020-14115


TITLE

Insufficient validation of data authenticity vulnerability in mi ax3600 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-017624

DESCRIPTION

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection of incoming data. Attackers can exploit this vulnerability to execute code. The mi ax3600 firmware contains insufficient validation of data authenticity. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The Xiaomi Router AX3600 is a router from the Chinese company Xiaomi.

Trust: 2.16

sources: NVD: CVE-2020-14115 // JVNDB: JVNDB-2020-017624 // CNVD: CNVD-2022-47336

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-47336

AFFECTED PRODUCTS

vendor: mi, model: ax3600, scope: lt, version: 1.0.67

Trust: 1.0

vendor: mi, model: ax3600, scope: -, version: -

Trust: 0.8

vendor: mi, model: ax3600, scope: eq, version: ax3600 firmware 1.0.67

Trust: 0.8

vendor: mi, model: ax3600, scope: eq, version: -

Trust: 0.8

vendor: xiaomi, model: ax3600, scope: lt, version: 1.0.67

Trust: 0.6

sources: CNVD: CNVD-2022-47336 // JVNDB: JVNDB-2020-017624 // NVD: CVE-2020-14115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14115
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-14115
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-47336
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202203-985
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-14115
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-47336
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14115
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-14115
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-47336 // JVNDB: JVNDB-2020-017624 // CNNVD: CNNVD-202203-985 // NVD: CVE-2020-14115

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.0

problemtype: Inadequate verification of data reliability (CWE-345) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-017624 // NVD: CVE-2020-14115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-985

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202203-985

PATCH

title: Patch for Xiaomi Router AX3600 Command Injection Vulnerability (CNVD-2022-47336)
url: https://www.cnvd.org.cn/patchInfo/show/337181

Trust: 0.6

title: Xiaomi router AX3600 Repair measures for data forgery problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185712

Trust: 0.6

sources: CNVD: CNVD-2022-47336 // CNNVD: CNNVD-202203-985

EXTERNAL IDS

db: NVD, id: CVE-2020-14115

Trust: 3.8

db: JVNDB, id: JVNDB-2020-017624

Trust: 0.8

db: CNVD, id: CNVD-2022-47336

Trust: 0.6

db: CNNVD, id: CNNVD-202203-985

Trust: 0.6

sources: CNVD: CNVD-2022-47336 // JVNDB: JVNDB-2020-017624 // CNNVD: CNNVD-202203-985 // NVD: CVE-2020-14115

REFERENCES

url: https://trust.mi.com/zh-cn/misrc/bulletins/advisory?cveid=37

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-14115

Trust: 1.4

url: https://cxsecurity.com/cveshow/cve-2020-14115/

Trust: 0.6

sources: CNVD: CNVD-2022-47336 // JVNDB: JVNDB-2020-017624 // CNNVD: CNNVD-202203-985 // NVD: CVE-2020-14115

SOURCES

db: CNVD, id: CNVD-2022-47336
db: JVNDB, id: JVNDB-2020-017624
db: CNNVD, id: CNNVD-202203-985
db: NVD, id: CVE-2020-14115

LAST UPDATE DATE

2024-08-14T14:02:44.449000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-47336, date: 2022-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-017624, date: 2023-07-05T08:13:00
db: CNNVD, id: CNNVD-202203-985, date: 2022-03-16T00:00:00
db: NVD, id: CVE-2020-14115, date: 2022-03-12T04:07:22.247

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-47336, date: 2022-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-017624, date: 2023-07-05T00:00:00
db: CNNVD, id: CNNVD-202203-985, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2020-14115, date: 2022-03-10T17:41:16.620