Details of VAR-202203-0970

ID

VAR-202203-0970

CVE

CVE-2020-14112

TITLE

Xiaomi Router AX6000 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-47338 // CNNVD: CNNVD-202203-989

DESCRIPTION

Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. mi of ax6000 Firmware has an information disclosure vulnerability.Information may be obtained. The Xiaomi Router AX6000 is a router from the Chinese company Xiaomi

Trust: 2.16

sources: NVD: CVE-2020-14112 // JVNDB: JVNDB-2020-017625 // CNVD: CNVD-2022-47338

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-47338

AFFECTED PRODUCTS

vendor:	mi	model:	ax6000	scope:	lt	version:	1.0.56	Trust: 1.0
vendor:	mi	model:	ax6000	scope:	eq	version:	-	Trust: 0.8
vendor:	mi	model:	ax6000	scope:	eq	version:	ax6000 firmware 1.0.56	Trust: 0.8
vendor:	mi	model:	ax6000	scope:	-	version:	-	Trust: 0.8
vendor:	xiaomi	model:	ax6000	scope:	lt	version:	1.0.56	Trust: 0.6

sources: CNVD: CNVD-2022-47338 // JVNDB: JVNDB-2020-017625 // NVD: CVE-2020-14112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14112
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-14112
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-47338
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202203-989
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-14112
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-47338
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14112
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-14112
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-47338 // JVNDB: JVNDB-2020-017625 // CNNVD: CNNVD-202203-989 // NVD: CVE-2020-14112

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-017625 // NVD: CVE-2020-14112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-989

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202203-989

PATCH

title:	Patch for Xiaomi Router AX6000 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/337191	Trust: 0.6
title:	Xiaomi Router AX6000 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185714	Trust: 0.6

sources: CNVD: CNVD-2022-47338 // CNNVD: CNNVD-202203-989

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14112	Trust: 3.8
db:	JVNDB	id:	JVNDB-2020-017625	Trust: 0.8
db:	CNVD	id:	CNVD-2022-47338	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-989	Trust: 0.6

sources: CNVD: CNVD-2022-47338 // JVNDB: JVNDB-2020-017625 // CNNVD: CNNVD-202203-989 // NVD: CVE-2020-14112

REFERENCES

url:	https://trust.mi.com/zh-cn/misrc/bulletins/advisory?cveid=34	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14112	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2020-14112/	Trust: 0.6

sources: CNVD: CNVD-2022-47338 // JVNDB: JVNDB-2020-017625 // CNNVD: CNNVD-202203-989 // NVD: CVE-2020-14112

SOURCES

db:	CNVD	id:	CNVD-2022-47338
db:	JVNDB	id:	JVNDB-2020-017625
db:	CNNVD	id:	CNNVD-202203-989
db:	NVD	id:	CVE-2020-14112

LAST UPDATE DATE

2024-08-14T14:18:03.237000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-47338	date:	2022-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-017625	date:	2023-07-05T08:13:00
db:	CNNVD	id:	CNNVD-202203-989	date:	2022-03-14T00:00:00
db:	NVD	id:	CVE-2020-14112	date:	2022-03-12T04:07:02.683

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-47338	date:	2022-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-017625	date:	2023-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202203-989	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-14112	date:	2022-03-10T17:41:16.577