CVE-2019-18371

HIGH EXPLOITED NUCLEI

Millet Router 3G Firmware < 2.28.23 - Path Traversal

Title source: rule

Description

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.

Exploits (3)

nomisec WORKING POC 186 stars

by UltramanGaia · remote

https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC

View Code ZIP pw:eip

nomisec

by jsnhcuan1997 · poc

https://github.com/jsnhcuan1997/UltramanGaia

View on nomisec

nomisec WORKING POC

by AjayMT6 · poc

https://github.com/AjayMT6/UltramanGaia

View Code ZIP pw:eip

Nuclei Templates (1)

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

HIGHby ritikchaddha

References (1)

[Exploit, Third Party Advisory] https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/arbitrary_file_read_vulnerability.py

Scores

CVSS v3 7.5

EPSS 0.9198

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-01-02

CWE

CWE-22

Status published

Products (1)

mi/millet_router_3g_firmware < 2.28.23

Published Oct 23, 2019

Tracked Since Feb 18, 2026