Vulnerability Name:

CVE-2018-14010 (CCN-146572)

Assigned:2018-07-14
Published:2018-07-14
Updated:2018-09-12
Summary:OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-78
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2018-14010

Source: MISC
Type: Third Party Advisory
http://www.cnvd.org.cn/flaw/show/CNVD-2018-04521

Source: XF
Type: UNKNOWN
xiaomi-cve201814010-command-exec(146572)

Source: CCN
Type: cc-crack GTI Repository
CNVD-2018-04521

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/cc-crack/router/blob/master/CNVD-2018-04521.py

Source: CCN
Type: Xiaomi Web site
Xiaomi

Vulnerable Configuration:Configuration 1:
  • cpe:/o:mi:xiaomi_r3p_firmware:*:*:*:*:*:*:*:* (Version < 2.14.5)
  • AND
  • cpe:/h:mi:xiaomi_r3p:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:mi:xiaomi_r3c_firmware:*:*:*:*:*:*:*:* (Version < 2.12.15)
  • AND
  • cpe:/h:mi:xiaomi_r3c:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:mi:xiaomi_r3d_firmware:*:*:*:*:*:*:*:* (Version < 2.26.4)
  • AND
  • cpe:/h:mi:xiaomi_r3d:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:mi:xiaomi_r3:*:*:*:*:*:*:*:* (Version < 2.22.15)
  • AND
  • cpe:/h:mi:xiaomi_r3:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mi xiaomi r3p firmware *
    mi xiaomi r3p -
    mi xiaomi r3c firmware *
    mi xiaomi r3c -
    mi xiaomi r3d firmware *
    mi xiaomi r3d -
    mi xiaomi r3 *
    mi xiaomi r3 -