Vulnerability CVE-2018-16307


Published: 2018-09-05

Description:
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.

See advisories in our WLB2 database:
Topic: MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load (High)
Author: Mishra Dhiraj
Date: 03.09.2018

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
MI -> Xiaomi miwifi xiaomi 55dd firmware 

References:
http://packetstormsecurity.com/files/149196/MIWiFi-Xiaomi_55DD-2.8.50-Out-Of-Band-Resource-Load.html

Copyright 2024, cxsecurity.com

 
