CVE-2020-14115

9.8 CRITICAL

📋 TL;DR

A command injection vulnerability in the Xiaomi Router AX3600 allows attackers to execute arbitrary commands on the device by exploiting insufficient input validation. It affects all users running vulnerable firmware versions, and successful exploitation can give an attacker full control of the router.

💻 Affected Systems

Products:
  • Xiaomi Router AX3600
Versions: Firmware versions prior to 1.0.50
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise, allowing an attacker to intercept all network traffic, install persistent malware, pivot to internal networks, and use the router as an attack platform.

🟠 Likely Case

Router takeover enabling traffic interception, DNS hijacking, credential theft, and lateral movement to connected devices.

🟢 If Mitigated

Limited impact if the router sits behind a firewall with restricted management interface access and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with management interfaces accessible from WAN.
🏢 Internal Only: MEDIUM - Attackers on internal network could exploit if management interface is accessible.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to router management interface. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1.0.50 or later

Vendor Advisory: https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=37

Restart Required: Yes

Instructions:

1. Log into the router admin interface.
2. Navigate to System Settings > Firmware Update.
3. Check for updates and install version 1.0.50 or later.
4. Reboot the router after the update completes.

🔧 Temporary Workarounds

Disable Remote Management (applies to: all)

Prevent external access to the router management interface.

Navigate to router admin > Security > Remote Management > Disable

Restrict Management Interface Access (applies to: all)

Limit the management interface to specific IP addresses.

Navigate to router admin > Security > Access Control > Add allowed IPs only

🧯 If You Can't Patch

  • Isolate router on separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious router traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Settings > Firmware Version

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Confirm firmware version is 1.0.50 or higher in admin interface

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in router logs
  • Multiple failed login attempts to admin interface
  • Unexpected firmware modification attempts

Network Indicators:

  • Unusual outbound connections from router
  • DNS queries to malicious domains from router
  • Unexpected port scans originating from router

SIEM Query:

source="router" AND (event_type="command_execution" OR event_type="firmware_change")
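The two checks above, verifying that the installed firmware is at or past the fixed release (1.0.50) and scanning router logs for the indicators listed in this section (command execution, firmware change, repeated failed admin logins), can be automated. The script below is an added example, not part of the advisory or of any Xiaomi tooling; the key=value log format and field names (`source`, `event_type`, `result`, `src`) are assumptions, and the log lines are constructed for the demonstration.

```python
"""Added example: firmware version check against the patched release and a
log-indicator scan for CVE-2020-14115. The log format is an assumption; adapt
the field names to whatever your router actually forwards to the SIEM."""
import re
from typing import Dict, List, Tuple

# Fixed release stated in the advisory: firmware 1.0.50 or later.
PATCHED_VERSION = (1, 0, 50)


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a dotted version such as '1.0.48' from a version string."""
    match = re.search(r"(\d+(?:\.\d+)+)", text)
    if not match:
        raise ValueError(f"no firmware version found in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad short versions ('1.0') so tuple comparison is well defined.
    return parts + (0,) * (len(PATCHED_VERSION) - len(parts))


def is_vulnerable(version: str) -> bool:
    """True when the reported firmware is older than the patched release."""
    return parse_version(version) < PATCHED_VERSION


def parse_kv(line: str) -> Dict[str, str]:
    """Parse '<timestamp> key=value key="quoted value" ...' into a dict (assumed format)."""
    timestamp, _, rest = line.partition(" ")
    fields = {"timestamp": timestamp}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', rest):
        fields[key] = value.strip('"')
    return fields


def find_indicators(lines: List[str], failed_login_threshold: int = 5) -> List[Tuple[str, str]]:
    """Return (timestamp, indicator) pairs for the advisory's log indicators:
    command execution, firmware change, and repeated failed admin logins."""
    alerts: List[Tuple[str, str]] = []
    failed_by_src: Dict[str, int] = {}
    for line in lines:
        event = parse_kv(line)
        if event.get("source") != "router":
            continue  # only router-originated events are in scope
        event_type = event.get("event_type")
        if event_type in ("command_execution", "firmware_change"):
            alerts.append((event["timestamp"], event_type))
        elif event_type == "login" and event.get("result") == "failed":
            src = event.get("src", "unknown")
            failed_by_src[src] = failed_by_src.get(src, 0) + 1
            # Alert once, when the source reaches the threshold.
            if failed_by_src[src] == failed_login_threshold:
                alerts.append((event["timestamp"], f"repeated_failed_login:{src}"))
    return alerts


# Constructed sample log lines (not real router output).
LOG_LINES = [
    "2020-06-01T10:00:01 source=router event_type=login result=success src=192.0.2.5",
    "2020-06-01T10:00:02 source=router event_type=login result=failed src=192.0.2.10",
    "2020-06-01T10:00:03 source=router event_type=login result=failed src=192.0.2.10",
    "2020-06-01T10:00:04 source=router event_type=login result=failed src=192.0.2.10",
    "2020-06-01T10:00:05 source=router event_type=login result=failed src=192.0.2.10",
    "2020-06-01T10:00:06 source=router event_type=login result=failed src=192.0.2.10",
    "2020-06-01T10:00:07 source=router event_type=dhcp_lease client=00:11:22:33:44:55",
    '2020-06-01T10:00:08 source=router event_type=command_execution cmd="<redacted>"',
    "2020-06-01T10:00:09 source=router event_type=firmware_change version=1.0.48",
    '2020-06-01T10:00:10 source=switch event_type=command_execution cmd="show version"',
]

if __name__ == "__main__":
    for reported in ("1.0.48", "1.0.50"):
        state = "VULNERABLE" if is_vulnerable(reported) else "patched"
        print(f"firmware {reported}: {state}")
    for timestamp, indicator in find_indicators(LOG_LINES):
        print(f"{timestamp} {indicator}")
```

The version check treats anything below 1.0.50 as vulnerable, matching the advisory's fix version; the indicator scan mirrors the SIEM query above and adds the failed-login indicator from the log list, ignoring events from other sources.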

🔗 References
