CVE-2024-37664

Exploit

EPSS 0.07%
Veröffentlicht 17.06.2024 18:15:17
Zuletzt bearbeitet 09.07.2025 15:05:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mi ≫ Redmi Ax6s Firmware Version1.0.57

Mi ≫ Redmi Ax6s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.205

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.2	1.5	3.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE-940 Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/redmi-rb03-nat-rst.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-37664

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37664

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37664

EUVD