CVE-2020-14099 – This vulnerability in Xiaomi routers allows att... (How to Fix)

Q: What is the severity of CVE-2020-14099?

CVE-2020-14099 has a CVSS score of 7.5 (HIGH). This vulnerability in Xiaomi routers allows attackers to decrypt backup files containing sensitive user information like passwords due to hard-coded encryption keys. It affects users of Xiaomi AX1800 and RM1800 routers with outdated firmware. The exposure occurs when backup files are created and potentially shared or stored insecurely.

📋 TL;DR

This vulnerability in Xiaomi routers allows attackers to decrypt backup files containing sensitive user information like passwords due to hard-coded encryption keys. It affects users of Xiaomi AX1800 and RM1800 routers with outdated firmware. The exposure occurs when backup files are created and potentially shared or stored insecurely.

💻 Affected Systems

Products:

Xiaomi Router AX1800
Xiaomi Router RM1800

Versions: AX1800 rom version < 1.0.336, RM1800 root version < 1.0.26

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable when backup functionality is used.

📦 What is this software?

Ax1800 Firmware by Mi

View all CVEs affecting Ax1800 Firmware →

Rm1800 Firmware by Mi

View all CVEs affecting Rm1800 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain access to router admin credentials, potentially compromising the entire network, intercepting traffic, or using the router as an attack platform.

🟠

Likely Case

Local attackers or those with access to backup files can extract router passwords and other configuration data, leading to unauthorized network access.

🟢

If Mitigated

With updated firmware and proper backup file handling, the risk is eliminated as encryption uses proper keys.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to backup files, which may be obtained through various means including physical access, network compromise, or social engineering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AX1800 rom version >= 1.0.336, RM1800 root version >= 1.0.26

Vendor Advisory: https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to System Settings > Firmware Update. 3. Check for and install available updates. 4. Reboot router after update completes.

🔧 Temporary Workarounds

Disable backup functionality

all

Prevent creation of vulnerable backup files by disabling backup features

Secure backup storage

all

Ensure backup files are encrypted with strong passwords and stored in secure locations

🧯 If You Can't Patch

Avoid creating or sharing backup files from the router
Implement network segmentation to isolate router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface and compare to patched versions

Check Version:

Login to router admin web interface and navigate to System Status or About page

Verify Fix Applied:

Confirm firmware version is AX1800 >= 1.0.336 or RM1800 >= 1.0.26

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts to router admin interface
Unusual configuration changes

Network Indicators:

Unauthorized access to router management interface
Suspicious backup file transfers

SIEM Query:

source="router_logs" AND (event="failed_login" OR event="config_change")

📊 Metadata

CVE ID: CVE-2020-14099

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-798

Published: April 8, 2021

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-14099, you might also want to check these: