This page lists publicly disclosed CVE vulnerabilities affecting mi ax3600_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-14115 | A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. | [email protected] | 9.8 | 1.08% | 2022-03-10 | 2026-06-16 |
| CVE-2020-14111 | A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. | [email protected] | 7.8 | 0.31% | 2022-03-10 | 2026-06-16 |
| CVE-2020-14110 | AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | [email protected] | 7.8 | 0.25% | 2022-01-18 | 2026-06-16 |
| CVE-2020-14124 | There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | [email protected] | 9.8 | 1.89% | 2021-09-16 | 2026-06-16 |
| CVE-2020-14109 | There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | [email protected] | 7.2 | 2.17% | 2021-09-16 | 2026-06-16 |
| CVE-2020-14104 | A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | [email protected] | 8.1 | 0.66% | 2021-04-08 | 2026-06-16 |