In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
[
{
"product": "Xiaomi router R3600",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "ROM version<1.0.20"
}
]
}
]