CVE-2019-18370
Severity: CRITICAL
Millet Router 3G Firmware < 2.28.23 - OS Command Injection
Title source: ruleDescription
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format; after it is uploaded, the application decompresses it with the tar zxf command, so the uploader controls the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
Exploits (1)
Source: nomisec
Type: WRITEUP
Stars: 2
by FzBacon · poc
https://github.com/FzBacon/CVE-2019-18370_XiaoMi_Mi_WIFI_RCE_analysis
Scores
CVSS v3: 9.8
EPSS: 0.6401
EPSS Percentile: 98.4%
Attack Vector: NETWORK
CVSS v3.1 vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
Status: published
Products (1)
mi/millet_router_3g_firmware < 2.28.23
Published: Oct 23, 2019
Tracked Since: Feb 18, 2026