Security Advisory

CVE-2019-18371

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-23 20:02:12

Last updated 2024-08-05 01:54:14

Assigner mitre

State PUBLISHED

Description

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.

← Browse all CVEs View on cve.org ↗