CVSS 3.1 Score 9.8 of 10 (high)


Published Aug 2, 2023
Updated: Aug 7, 2023


CVE-2023-26317 is a critical vulnerability that affects Xiaomi routers. The vulnerability allows for command injection through an external interface due to inadequate filtering of responses. Attackers can exploit this flaw by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this vulnerability could result in remote code execution and complete compromise of the device. The base severity of this vulnerability is rated as critical with a CVSS score of 9.8, indicating a high risk to organizations. To remediate this vulnerability, it is recommended to update the firmware of affected Xiaomi routers to the latest version provided by the manufacturer.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-26317 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options