Vulnerability Description
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
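The restore step described above trusts whatever `tar zxf` writes out. As an added example (not part of the advisory or the vendor's firmware), the Python validator below is the check a restore script could run before handing an uploaded backup to tar: it refuses absolute names, parent traversal, links and special entries, so the archive cannot place or redirect files outside its own restore directory. The functions `archive_problems`, `escapes_restore_dir` and `make_tgz` and both sample archives are constructed for this example.

```python
import io
import posixpath
import tarfile


def escapes_restore_dir(name: str) -> bool:
    """True if a member name would resolve outside the extraction directory."""
    norm = posixpath.normpath(name)
    return name.startswith("/") or norm == ".." or norm.startswith("../")


def archive_problems(tgz: bytes) -> list:
    """Return the reasons a backup must be rejected before anything extracts it.
    Assumed policy: only regular files and directories with relative names that
    stay inside the restore directory. Links are refused because a link planted
    by one entry can redirect a later entry (or a later script) anywhere."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        for m in tar.getmembers():
            if escapes_restore_dir(m.name):
                problems.append(f"{m.name}: escapes restore directory")
            elif m.issym() or m.islnk():
                problems.append(f"{m.name}: link to {m.linkname}")
            elif not (m.isfile() or m.isdir()):
                problems.append(f"{m.name}: device, fifo or unknown entry type")
    return problems


def make_tgz(entries) -> bytes:
    """Build a constructed sample archive from (name, kind, payload) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:  # "dir" or "symlink"
                info.type = tarfile.DIRTYPE if kind == "dir" else tarfile.SYMTYPE
                info.linkname = payload or ""
                tar.addfile(info)
    return buf.getvalue()


# Constructed samples: a clean backup and one that abuses unchecked extraction.
GOOD_BACKUP = make_tgz([("cfg", "dir", None), ("cfg/wifi.conf", "file", "ssid=home")])
HOSTILE_BACKUP = make_tgz([("../../tmp/planted.xml", "file", "<urls/>"),   # traversal
                           ("etc", "symlink", "/etc"),                      # link out
                           ("/etc/shadow", "file", "x")])                   # absolute
```

A restore script would call `archive_problems()` on the uploaded bytes and refuse the upload when the list is non-empty; on current Python the same classes of entry are what `tarfile.data_filter` rejects at extraction time.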
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mi | Millet Router 3G Firmware | < 2.28.23 |
| Mi | Millet Router 3G | - |
Related Weaknesses (CWE)
References
- https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-18370?
CVE-2019-18370 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can co...
How severe is CVE-2019-18370?
CVE-2019-18370 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18370?
Check the references section above for vendor advisories and patch information. Affected products include: Mi Millet Router 3G Firmware, Mi Millet Router 3G.