CVE-2024-37663

Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md	Exploit Third Party Advisory
https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mi:redmi_ax6s_firmware:1.0.57:*:*:*:*:*:*:*

cpe:2.3:h:mi:redmi_ax6s:-:*:*:*:*:*:*:*

History

09 Jul 2025, 15:13

Type	Values Removed	Values Added
First Time		Mi Mi redmi Ax6s Firmware Mi redmi Ax6s
CPE		cpe:2.3:h:mi:redmi_ax6s:-:::::::* cpe:2.3:o:mi:redmi_ax6s_firmware:1.0.57:::::::*
References	~~() https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md -~~	() https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md - Exploit, Third Party Advisory

Information

Published : 2024-06-17 18:15

Updated : 2025-07-09 15:13

NVD link : CVE-2024-37663

Mitre link : CVE-2024-37663

CVE.ORG link : CVE-2024-37663

JSON object : View

Products Affected

mi

redmi_ax6s
redmi_ax6s_firmware

CWE

CWE-940

Improper Verification of Source of a Communication Channel

{"id": "CVE-2024-37663", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.5}]}, "published": "2024-06-17T18:15:17.653", "references": [{"url": "https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-940"}]}], "descriptions": [{"lang": "en", "value": "Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages."}, {"lang": "es", "value": "El enrutador Redmi RB03 v1.0.57 es vulnerable a ataques de mensajes de redireccionamiento ICMP falsificados. Un atacante en la misma WLAN que la v\u00edctima puede secuestrar el tr\u00e1fico entre la v\u00edctima y cualquier servidor remoto enviando mensajes de redireccionamiento ICMP falsificados."}], "lastModified": "2025-07-09T15:13:50.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_ax6s_firmware:1.0.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1363B726-7865-4041-86AD-B5BF28BF5685"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_ax6s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0923D4E-7087-4FAB-BD00-B82A9E9F5FC5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}