CVE-2020-14098

EPSS 0.24%
Published 13.01.2021 23:15:13
Last modified 21.11.2024 05:02:38
Source security@xiaomi.com
Teams watchlist Login
Open Login

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mi ≫ Ax1800 Firmware Version < 1.0.336

Mi ≫ Ax1800 Version-

Mi ≫ Rm1800 Firmware Version < 1.0.26

Mi ≫ Rm1800 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.439

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-662 Improper Synchronization

The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=22&locale=en

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2020-14098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14098

EUVD