CVE-2020-14140

EPSS 0.37%
Veröffentlicht 29.03.2023 20:15:07
Zuletzt bearbeitet 18.02.2025 18:15:09
Quelle security@xiaomi.com
Teams Watchlist Login
Unerledigt Login

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mi ≫ Xiaomi Router Firmware Version >= 2020 < 2023.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.561

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-14140

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14140

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14140

EUVD