CVE-2019-18370
Severity: CRITICAL
Millet Router 3G Firmware < 2.28.23 - OS Command Injection
Title source: rule
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-18370. PoCs published by FzBacon.
AI-analyzed exploit summary
This repository provides a detailed technical analysis of CVE-2019-18370, an RCE vulnerability in Xiaomi Mi WiFi routers. It includes root cause analysis, code snippets, and exploitation steps, demonstrating how arbitrary file upload and command injection lead to remote code execution.
Description
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After upload, the application decompresses it with the tar zxf command, so the uploader controls the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and that script contains a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
Exploits (1)
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H