Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rm1800_firmware
(Mi)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 4 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-08 | CVE-2020-14099 | On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | Ax1800_firmware, Rm1800_firmware | 7.5 | ||
2021-01-13 | CVE-2020-14102 | There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | Ax1800_firmware, Rm1800_firmware | 7.2 | ||
2021-01-13 | CVE-2020-14101 | The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | Ax1800_firmware, Rm1800_firmware | 7.5 | ||
2021-01-13 | CVE-2020-14098 | The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | Ax1800_firmware, Rm1800_firmware | 7.5 |