CVE-2020-14140

Published: Mar 29, 2023

Modified: Feb 18, 2025

PUBLISHED

Description

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.

Vendor	Product	Versions
n/a	Xiaomi Multiple Devices	affected `Xiaomi Multiple Devices, firmware update time in 2020-2022`

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14140

Description

Affected Products

References