CVE-2024-37663

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37663
Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md Exploit Third Party Advisory
https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mi:redmi_ax6s_firmware:1.0.57:*:*:*:*:*:*:*
cpe:2.3:h:mi:redmi_ax6s:-:*:*:*:*:*:*:*
History

09 Jul 2025, 15:13

Type Values Removed Values Added
CPE cpe:2.3:o:mi:redmi_rb03_firmware:1.0.57:*:*:*:*:*:*:*
cpe:2.3:h:mi:redmi_rb03:-:*:*:*:*:*:*:*		 cpe:2.3:h:mi:redmi_ax6s:-:*:*:*:*:*:*:*
cpe:2.3:o:mi:redmi_ax6s_firmware:1.0.57:*:*:*:*:*:*:*
First Time Mi redmi Ax6s Firmware
Mi redmi Ax6s

09 Jul 2025, 14:57

Type Values Removed Values Added
CPE cpe:2.3:o:mi:redmi_rb03_firmware:1.0.57:*:*:*:*:*:*:*
cpe:2.3:h:mi:redmi_rb03:-:*:*:*:*:*:*:*
First Time Mi redmi Rb03
Mi redmi Rb03 Firmware
Mi
References () https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md - () https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md - Exploit, Third Party Advisory

22 Nov 2024, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 0.0 		v2 : unknown
v3 : 4.1

21 Nov 2024, 09:24

Type Values Removed Values Added
References () https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md - () https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md -

01 Aug 2024, 13:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 0.0
CWE CWE-940

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) El enrutador Redmi RB03 v1.0.57 es vulnerable a ataques de mensajes de redireccionamiento ICMP falsificados. Un atacante en la misma WLAN que la víctima puede secuestrar el tráfico entre la víctima y cualquier servidor remoto enviando mensajes de redireccionamiento ICMP falsificados.

17 Jun 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-17 18:15

Updated : 2025-07-09 15:13

NVD link : CVE-2024-37663

Mitre link : CVE-2024-37663

CVE.ORG link : CVE-2024-37663

JSON object : View

Products Affected

mi

  • redmi_ax6s_firmware
  • redmi_ax6s
CWE
CWE-940

Improper Verification of Source of a Communication Channel