Vulnerability Details : CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
Exploit prediction scoring system (EPSS) score for CVE-2019-18370
Probability of exploitation activity in the next 30 days: 0.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-18370
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-18370
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18370
-
https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/remote_command_execution_vulnerability.py
Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/remote_command_execution_vulnerability.py at master · UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC · GitHubExploit;Third Party Advisory
Products affected by CVE-2019-18370
- cpe:2.3:o:mi:millet_router_3g_firmware:*:*:*:*:*:*:*:*