cvedb.io
CVE-2018-14060
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-15T03:29:00.290 · Last modified 2026-06-17T01:40:35.010

Summary

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

Affected products

mi — xiaomi_r3d_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when mi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.