CVE-2020-14109

{"id": "CVE-2020-14109", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-09-16T12:15:07.087", "references": [{"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25&locale=zh", "tags": ["Broken Link"], "source": "security@xiaomi.com"}, {"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25&locale=zh", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12"}, {"lang": "es", "value": "Se presenta una inyecci\u00f3n de comandos en el programa meshd en el sistema de enrutamiento, resultando en una ejecuci\u00f3n de comandos bajo la autoridad del administrador en Xiaomi router AX3600 con la versi\u00f3n de ROM anteriores a 1.1.12, incluy\u00e9ndola"}], "lastModified": "2024-11-21T05:02:40.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mi:ax3600_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96775913-9D30-49BB-AAE2-8418F5994AF3", "versionEndIncluding": "1.1.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mi:ax3600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FCDA6605-7C59-41C2-BA6E-65268D15FA21"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@xiaomi.com"}