CVE-2018-16307

Exploit

EPSS 0.3%
Veröffentlicht 05.09.2018 21:29:03
Zuletzt bearbeitet 21.11.2024 03:52:29
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mi ≫ Xiaomi Miwifi Xiaomi 55dd Firmware Version2.8.50

Mi ≫ Xiaomi Miwifi Xiaomi 55dd Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.503

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-16307

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16307

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16307

EUVD