An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-09-05 21:29
Updated : 2024-11-21 03:52
NVD link : CVE-2018-16307
Mitre link : CVE-2018-16307
CVE.ORG link : CVE-2018-16307
JSON object : View
Products Affected
mi
- xiaomi_miwifi_xiaomi_55dd_firmware
- xiaomi_miwifi_xiaomi_55dd
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor