CVE-2020-14109 – This vulnerability allows remote command inject... (How to Fix)

Q: What is the severity of CVE-2020-14109?

CVE-2020-14109 has a CVSS score of 7.2 (HIGH). This vulnerability allows remote command injection in the meshd routing service on Xiaomi AX3600 routers, enabling attackers to execute arbitrary commands with administrator privileges. It affects routers with ROM version 1.1.12 or earlier, potentially compromising the entire network.

📋 TL;DR

This vulnerability allows remote command injection in the meshd routing service on Xiaomi AX3600 routers, enabling attackers to execute arbitrary commands with administrator privileges. It affects routers with ROM version 1.1.12 or earlier, potentially compromising the entire network.

💻 Affected Systems

Products:

Xiaomi Router AX3600

Versions: ROM version <= 1.1.12

Operating Systems: Custom router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Xiaomi AX3600 routers with vulnerable firmware versions. Other Xiaomi router models are not affected.

📦 What is this software?

Ax3600 Firmware by Mi

View all CVEs affecting Ax3600 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise leading to full network takeover, credential theft, persistent backdoor installation, and lateral movement to connected devices.

🟠

Likely Case

Router compromise allowing traffic interception, DNS manipulation, credential harvesting, and installation of malware on connected devices.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation is implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Command injection vulnerabilities in network devices are frequently weaponized. The vulnerability is in the meshd service which handles routing functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ROM version > 1.1.12

Vendor Advisory: https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25&locale=zh

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Check current ROM version. 3. If version <= 1.1.12, navigate to firmware update section. 4. Download and install latest firmware from Xiaomi. 5. Reboot router after update completes.

🔧 Temporary Workarounds

Disable Remote Administration

all

Prevents external exploitation by disabling remote router administration

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace vulnerable router with patched model or different vendor
Place router behind firewall with strict inbound rules blocking all unnecessary ports

🔍 How to Verify

Check if Vulnerable:

Access router admin interface and check ROM version in system settings. If version is 1.1.12 or lower, the device is vulnerable.

Check Version:

Login to router web interface and navigate to System Status or About page to view firmware version.

Verify Fix Applied:

After updating, verify ROM version shows > 1.1.12 in system settings. Test router functionality to ensure update didn't break connectivity.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in router logs
Unexpected process spawning from meshd service
Failed authentication attempts followed by successful command execution

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Traffic redirection patterns

SIEM Query:

source="router_logs" AND (process="meshd" AND command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*)")

📊 Metadata

CVE ID: CVE-2020-14109

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: September 16, 2021

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-14109, you might also want to check these: