Xiaomi router external request interface has command injection

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Xiaomi router 命令注入漏洞

Xiaomi router是中国小米（Xiaomi）公司的一系列无线路由器。 Xiaomi routers存在安全漏洞，该漏洞源于对外接口返回的响应过滤不足，导致存在命令注入漏洞。攻击者可以利用该漏洞通过劫持ISP或上层路由器来获取权限。

N/A

N/A