CVE-2020-14140 — HIGH (7.5)

Q: How severe is CVE-2020-14140?

CVE-2020-14140 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14140?

Check the references section above for vendor advisories and patch information. Affected products include: Mi Xiaomi Router Firmware.

Vulnerability Description

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mi	Xiaomi Router Firmware	>= 2020, < 2023.2

Related Weaknesses (CWE)

CWE-306

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506Vendor Advisory
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506Vendor Advisory

FAQ

What is CVE-2020-14140?

CVE-2020-14140 is a vulnerability with a CVSS score of 7.5 (HIGH). When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some...

How severe is CVE-2020-14140?

CVE-2020-14140 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14140?

Check the references section above for vendor advisories and patch information. Affected products include: Mi Xiaomi Router Firmware.