CVE-2019-18370 Information
Description
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading the application uses the tar zxf command to decompress so one can control the contents of the files in the decompressed directory. In addition the application’s sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml and there is a command injection vulnerability as demonstrated by api/xqnetdetect/netspeed.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/remote_command_execution_vulnerability.py An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading the application uses the tar zxf command to decompress so one can control the contents of the files in the decompressed directory. In addition the application’s sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml and there is a command injection vulnerability as demonstrated by api/xqnetdetect/netspeed.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: