CVE-2023-26317
HIGH
Xiaomi Router Firmware < 2023.2 - OS Command Injection via External Interface
Title source: llm
Description
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.
References (1)
Core References
Vendor Advisory
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529
Scores
CVSS v3: 7.0
EPSS: 0.0095
EPSS Percentile: 56.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-77, CWE-78
Status: published
Products (1)
mi/xiaomi_router_firmware < 2023.2
Published: Aug 02, 2023
Tracked Since: Feb 18, 2026