Search criteria
56 vulnerabilities
CVE-2024-45347 (GCVE-0-2024-45347)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:34 – Updated: 2025-06-23 12:03
VLAI?
Summary
An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device.
Severity ?
9.6 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi Mi Connect Service |
Affected:
Xiaomi Mi Connect Service3.1.895.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:02:12.274741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:03:52.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi Mi Connect Service",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Xiaomi Mi Connect Service3.1.895.10"
}
]
}
],
"datePublic": "2025-02-20T09:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim\u2019s device. \u003cbr\u003e"
}
],
"value": "An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim\u2019s device."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:34:41.202Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=548"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mi Connect Service APP protocol flaws lead to unauthorized access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45347",
"datePublished": "2025-06-23T09:34:38.676Z",
"dateReserved": "2024-08-28T02:24:34.837Z",
"dateUpdated": "2025-06-23T12:03:52.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45361 (GCVE-0-2024-45361)
Vulnerability from cvelistv5 – Published: 2025-03-27 07:16 – Updated: 2025-06-23 09:43
VLAI?
Summary
A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.
Severity ?
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi Mi Connect Service |
Affected:
Xiaomi Mi Connect Service3.1.895.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:30:58.813684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:31:06.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi Mi Connect Service",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Xiaomi Mi Connect Service3.1.895.10"
}
]
}
],
"datePublic": "2025-03-27T09:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information. \u003cbr\u003e"
}
],
"value": "A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information."
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:43:27.193Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=558"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mi Connect Service APP protocol flaws lead to leaking sensitive user information",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45361",
"datePublished": "2025-03-27T07:16:21.898Z",
"dateReserved": "2024-08-28T02:24:48.946Z",
"dateUpdated": "2025-06-23T09:43:27.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45356 (GCVE-0-2024-45356)
Vulnerability from cvelistv5 – Published: 2025-03-27 07:11 – Updated: 2025-03-27 13:31
VLAI?
Summary
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
Severity ?
7.3 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi phone framework has unauthorized access vulnerability |
Affected:
Xiaomi phone framework 14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:31:29.166410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:31:36.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi phone framework has unauthorized access vulnerability",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Xiaomi phone framework 14"
}
]
}
],
"datePublic": "2025-02-21T07:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. \u003cbr\u003e"
}
],
"value": "A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T07:21:50.411Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=554"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Xiaomi phone framework has unauthorized access vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45356",
"datePublished": "2025-03-27T07:11:41.754Z",
"dateReserved": "2024-08-28T02:24:48.945Z",
"dateUpdated": "2025-03-27T13:31:36.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45355 (GCVE-0-2024-45355)
Vulnerability from cvelistv5 – Published: 2025-03-27 06:48 – Updated: 2025-03-27 13:32
VLAI?
Summary
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.
Severity ?
5.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi phone framework |
Affected:
Xiaomi phone framework 14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:31:53.958012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:32:01.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi phone framework",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Xiaomi phone framework 14"
}
]
}
],
"datePublic": "2025-02-21T06:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. \u003cbr\u003e"
}
],
"value": "A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T06:48:09.996Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=553"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Xiaomi phone framework has unauthorized access vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45355",
"datePublished": "2025-03-27T06:48:07.672Z",
"dateReserved": "2024-08-28T02:24:34.839Z",
"dateUpdated": "2025-03-27T13:32:01.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45354 (GCVE-0-2024-45354)
Vulnerability from cvelistv5 – Published: 2025-03-27 06:25 – Updated: 2025-03-27 13:37
VLAI?
Summary
A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
Severity ?
4.3 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi shop application |
Affected:
Xiaomi shop application 5.30.0.20241103.r1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:37:14.765741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:37:21.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi shop application",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Xiaomi shop application 5.30.0.20241103.r1"
}
]
}
],
"datePublic": "2025-02-21T06:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. \u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T06:25:56.581Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=552"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "xiaomi shop application Webview has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45354",
"datePublished": "2025-03-27T06:25:56.581Z",
"dateReserved": "2024-08-28T02:24:34.839Z",
"dateUpdated": "2025-03-27T13:37:21.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45353 (GCVE-0-2024-45353)
Vulnerability from cvelistv5 – Published: 2025-03-27 06:12 – Updated: 2025-03-27 14:18
VLAI?
Summary
An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction.
Severity ?
4.3 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | quick app framework |
Affected:
quick app framework 1.30.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:18:18.395375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:18:37.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "quick app framework",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "quick app framework 1.30.2.1"
}
]
}
],
"datePublic": "2025-02-21T06:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction. \u003cbr\u003e"
}
],
"value": "An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T06:12:57.059Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=551"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "quick App has intent redriction vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45353",
"datePublished": "2025-03-27T06:12:57.059Z",
"dateReserved": "2024-08-28T02:24:34.839Z",
"dateUpdated": "2025-03-27T14:18:37.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45352 (GCVE-0-2024-45352)
Vulnerability from cvelistv5 – Published: 2025-03-27 02:02 – Updated: 2025-03-27 13:44
VLAI?
Summary
An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
Severity ?
8.8 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi smarthome application |
Affected:
Xiaomi smarthome application 10.0.623
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:44:28.162270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:44:35.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi smarthome application",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Xiaomi smarthome application 10.0.623"
}
]
}
],
"datePublic": "2025-02-21T01:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. \u0026nbsp; \u003cbr\u003e"
}
],
"value": "An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T02:03:13.737Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Xiaomi smarthome application Webview has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45352",
"datePublished": "2025-03-27T02:02:34.511Z",
"dateReserved": "2024-08-28T02:24:34.839Z",
"dateUpdated": "2025-03-27T13:44:35.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45351 (GCVE-0-2024-45351)
Vulnerability from cvelistv5 – Published: 2025-03-26 13:17 – Updated: 2025-03-26 13:52
VLAI?
Summary
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
Severity ?
7.8 (High)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Game center application |
Affected:
Game center application 13.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T13:52:19.885534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T13:52:37.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Game center application",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "Game center application 13.10"
}
]
}
],
"datePublic": "2025-02-21T12:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. \u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T13:17:33.544Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=549"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Game center application has code execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45351",
"datePublished": "2025-03-26T13:17:07.014Z",
"dateReserved": "2024-08-28T02:24:34.839Z",
"dateUpdated": "2025-03-26T13:52:37.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45348 (GCVE-0-2024-45348)
Vulnerability from cvelistv5 – Published: 2024-09-23 08:25 – Updated: 2025-03-27 06:39
VLAI?
Summary
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
Severity ?
6.4 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi Router AX9000 |
Affected:
1.0.173
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mi:ax9000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ax9000_firmware",
"vendor": "mi",
"versions": [
{
"status": "affected",
"version": "1.0.173"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T15:34:09.867821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T15:36:16.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi Router AX9000",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "1.0.173"
}
]
}
],
"datePublic": "2024-09-14T08:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eXiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-108 Command Line Execution through SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T06:39:01.861Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xiaomi Router AX9000 has a post-authorization command injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45348",
"datePublished": "2024-09-23T08:25:47.868Z",
"dateReserved": "2024-08-28T02:24:34.837Z",
"dateUpdated": "2025-03-27T06:39:01.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26322 (GCVE-0-2023-26322)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:59 – Updated: 2024-08-28 13:39
VLAI?
Summary
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity ?
8.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 31.2.5.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:30:30.765435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:39:52.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "32.0.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T11:24:24.657Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=542"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26322",
"datePublished": "2024-08-28T07:59:26.998Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-08-28T13:39:52.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26323 (GCVE-0-2023-26323)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:53 – Updated: 2025-03-27 16:00
VLAI?
Summary
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
Severity ?
7.6 (High)
CWE
- a code execution vulnerability in Xiaomi App Store
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | App Market |
Affected:
1.0.0 , ≤ 4.57.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:22:30.333129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T16:00:59.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "App Market",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "4.58.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.57.4",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-03-14T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Xiaomi App Store APP 4.57.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "a code execution vulnerability in Xiaomi App Store",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T03:35:34.288Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=543"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xiaomi App Market has a code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26323",
"datePublished": "2024-08-28T07:53:42.801Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2025-03-27T16:00:59.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26321 (GCVE-0-2023-26321)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
VLAI?
Summary
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Severity ?
6.3 (Medium)
CWE
- A path traversal vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi File Manager App International Version |
Affected:
Xiaomi File Manager App International Version , ≤ V1-210567
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "file_manager",
"vendor": "mi",
"versions": [
{
"lessThanOrEqual": "v1-210586",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:39:58.176575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:57:26.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi File Manager App International Version",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "V1-210586",
"status": "unaffected"
}
],
"lessThanOrEqual": "V1-210567",
"status": "affected",
"version": "Xiaomi File Manager App International Version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-08T07:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Xiaomi File Manager App International Version V1-210567"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A path traversal vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:51:28.809Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26321",
"datePublished": "2024-08-28T07:51:28.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2025-03-25T15:57:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26324 (GCVE-0-2023-26324)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:28 – Updated: 2024-08-28 13:47
VLAI?
Summary
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity ?
8.8 (High)
CWE
- A code execution vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 30.6.0.2
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "30.6.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:46:06.441446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:47:11.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "30.6.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "30.6.0.2",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-05-06T06:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "GetApps application 30.6.0.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A code execution vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:35:40.482Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://https://trust.mi.com/misrc/bulletins/advisory?cveId=544"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26324",
"datePublished": "2024-08-28T07:28:35.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-08-28T13:47:11.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45346 (GCVE-0-2024-45346)
Vulnerability from cvelistv5 – Published: 2024-08-28 06:44 – Updated: 2025-04-08 20:42
VLAI?
Summary
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 30.2.7.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "30.2.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:41:21.505287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:42:58.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "30.6.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "30.2.7.0",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-05-06T06:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eThe Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T06:53:40.971Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=545"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45346",
"datePublished": "2024-08-28T06:44:40.297Z",
"dateReserved": "2024-08-28T02:24:34.837Z",
"dateUpdated": "2025-04-08T20:42:58.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26315 (GCVE-0-2023-26315)
Vulnerability from cvelistv5 – Published: 2024-08-26 11:47 – Updated: 2024-10-08 09:49
VLAI?
Summary
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Router AX9000 |
Affected:
1.0.0 , ≤ 1.0.168
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T17:40:00.468306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T17:40:11.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Router AX9000",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "1.0.174",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.168",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-06T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device."
}
],
"value": "The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T09:49:35.915Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=546"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Xiaomi router has a command injection vulnerability after authorization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26315",
"datePublished": "2024-08-26T11:47:17.867Z",
"dateReserved": "2023-02-22T16:59:28.182Z",
"dateUpdated": "2024-10-08T09:49:35.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26320 (GCVE-0-2023-26320)
Vulnerability from cvelistv5 – Published: 2023-10-11 06:49 – Updated: 2024-10-08 09:14
VLAI?
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi Router |
Affected:
0 , < fw version before 2023.2
(2023.2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=540"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:xiaomi_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xiaomi_router",
"vendor": "xiaomi",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:15:31.854558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:21:20.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi Router",
"vendor": "Xiaomi",
"versions": [
{
"lessThan": "fw version before 2023.2",
"status": "affected",
"version": "0",
"versionType": "2023.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Xiaomi Xiaomi Router allows Command Injection."
}
],
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Xiaomi Xiaomi Router allows Command Injection."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T09:14:15.410Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=540"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xiaomi Router external request interface vulnerability leads to stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26320",
"datePublished": "2023-10-11T06:49:50.375Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-10-08T09:14:15.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26319 (GCVE-0-2023-26319)
Vulnerability from cvelistv5 – Published: 2023-10-11 06:45 – Updated: 2024-10-08 09:15
VLAI?
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi Router |
Affected:
0 , < fw version before 2023.2
(2023.2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=536"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:xiaomi_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "xiaomi_router",
"vendor": "xiaomi",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:15:04.102560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:15:55.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi Router",
"vendor": "Xiaomi",
"versions": [
{
"lessThan": "fw version before 2023.2",
"status": "affected",
"version": "0",
"versionType": "2023.2"
}
]
}
],
"datePublic": "2023-08-01T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Xiaomi Xiaomi Router allows Command Injection."
}
],
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Xiaomi Xiaomi Router allows Command Injection."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T09:15:37.726Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=536"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xiaomi Router administration interface vulnerability leads command injection and stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26319",
"datePublished": "2023-10-11T06:45:07.195Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-10-08T09:15:37.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26318 (GCVE-0-2023-26318)
Vulnerability from cvelistv5 – Published: 2023-10-11 06:42 – Updated: 2024-09-18 18:07
VLAI?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi Router |
Affected:
0 , < fw version before 2023.2
(2023.2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=539"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:xiaomi_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xiaomi_router",
"vendor": "xiaomi",
"versions": [
{
"lessThan": "fw_version_before_2023.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:04:56.887859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:07:54.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xiaomi Router",
"vendor": "Xiaomi",
"versions": [
{
"lessThan": "fw version before 2023.2",
"status": "affected",
"version": "0",
"versionType": "2023.2"
}
]
}
],
"datePublic": "2023-08-01T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers."
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T06:42:16.620Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=539"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xiaomi router web interface post-authorization stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26318",
"datePublished": "2023-10-11T06:42:16.620Z",
"dateReserved": "2023-02-22T16:59:28.182Z",
"dateUpdated": "2024-09-18T18:07:54.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26316 (GCVE-0-2023-26316)
Vulnerability from cvelistv5 – Published: 2023-08-02 00:00 – Updated: 2024-09-27 21:58
VLAI?
Summary
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi cloud service Application |
Affected:
Xiaomi cloud service Application < 1.12.0.0.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=322"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T21:50:09.403135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T21:58:10.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi cloud service Application",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi cloud service Application \u003c 1.12.0.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview\u0027s whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account\u0027s cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T00:00:00",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=322"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26316",
"datePublished": "2023-08-02T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-09-27T21:58:10.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26317 (GCVE-0-2023-26317)
Vulnerability from cvelistv5 – Published: 2023-08-02 00:00 – Updated: 2024-10-16 20:07
VLAI?
Summary
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi router |
Affected:
Xiaomi Router Firmware version before 2023.2 , ≤ 2023.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T19:56:08.393776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T20:07:44.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi router",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "2023.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2023.2",
"status": "affected",
"version": "Xiaomi Router Firmware version before 2023.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eXiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T09:44:23.934Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xiaomi router external request interface has command injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26317",
"datePublished": "2023-08-02T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-10-16T20:07:44.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14140 (GCVE-0-2020-14140)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:10
VLAI?
Summary
When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.
Severity ?
7.5 (High)
CWE
- Unauthenticated API that can reveal WIFI password vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi Multiple Devices |
Affected:
Xiaomi Multiple Devices, firmware update time in 2020-2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-14140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:09:07.172437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:10:37.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi Multiple Devices",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi Multiple Devices, firmware update time in 2020-2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated API that can reveal WIFI password vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=506"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14140",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2020-06-15T00:00:00.000Z",
"dateUpdated": "2025-02-18T17:10:37.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14129 (GCVE-0-2020-14129)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2024-08-04 12:39
VLAI?
Summary
A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
Severity ?
No CVSS data available.
CWE
- Vulnerability logic vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi a certain APP |
Affected:
Affected Version:3.4.5.18 Fixed Version:3.4.5.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi a certain APP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected Version:3.4.5.18 Fixed Version:3.4.5.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Vulnerability logic vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14129",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14131 (GCVE-0-2020-14131)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2024-08-04 12:39
VLAI?
Summary
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
Severity ?
No CVSS data available.
CWE
- a lack of identity verification
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi specific devices |
Affected:
Xiaomi specific devices,Affected Version:11,Fixed Version:12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi specific devices",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi specific devices,Affected Version:11,Fixed Version:12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "a lack of identity verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14131",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14114 (GCVE-0-2020-14114)
Vulnerability from cvelistv5 – Published: 2022-07-22 15:32 – Updated: 2024-08-04 12:39
VLAI?
Summary
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi SmartHome APP |
Affected:
Xiaomi SmartHome APP <=6.4.701
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi SmartHome APP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi SmartHome APP \u003c=6.4.701"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:32:00",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi SmartHome APP",
"version": {
"version_data": [
{
"version_value": "Xiaomi SmartHome APP \u003c=6.4.701"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14114",
"datePublished": "2022-07-22T15:32:00",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14126 (GCVE-0-2020-14126)
Vulnerability from cvelistv5 – Published: 2022-07-22 15:30 – Updated: 2024-08-04 12:39
VLAI?
Summary
Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mi Sound APP |
Affected:
Mi Sound APP <=2.2.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mi Sound APP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mi Sound APP \u003c=2.2.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:30:39",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mi Sound APP",
"version": {
"version_data": [
{
"version_value": "Mi Sound APP \u003c=2.2.40"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14126",
"datePublished": "2022-07-22T15:30:39",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14127 (GCVE-0-2020-14127)
Vulnerability from cvelistv5 – Published: 2022-07-14 14:46 – Updated: 2024-08-04 12:39
VLAI?
Summary
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Redmi K40 ,Redmi Note10 Pro |
Affected:
Redmi K40 MIUI<2022.07.01 ,Redmi Note10 Pro MIUI<2022.07.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redmi K40 ,Redmi Note10 Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Redmi K40 MIUI\u003c2022.07.01 ,Redmi Note10 Pro MIUI\u003c2022.07.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:46:49",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redmi K40 ,Redmi Note10 Pro",
"version": {
"version_data": [
{
"version_value": "Redmi K40 MIUI\u003c2022.07.01 ,Redmi Note10 Pro MIUI\u003c2022.07.01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14127",
"datePublished": "2022-07-14T14:46:49",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14125 (GCVE-0-2020-14125)
Vulnerability from cvelistv5 – Published: 2022-06-08 14:14 – Updated: 2024-08-04 12:39
VLAI?
Summary
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.
Severity ?
No CVSS data available.
CWE
- Denial of service vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Redmi Note 11 ,Redmi Note 9T |
Affected:
Redmi Note 11 MIUI<2022.01.26, Redmi Note 9T MIUI<2022.01.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redmi Note 11 ,Redmi Note 9T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Redmi Note 11 MIUI\u003c2022.01.26, Redmi Note 9T MIUI\u003c2022.01.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:14:57",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redmi Note 11 ,Redmi Note 9T",
"version": {
"version_data": [
{
"version_value": "Redmi Note 11 MIUI\u003c2022.01.26, Redmi Note 9T MIUI\u003c2022.01.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14125",
"datePublished": "2022-06-08T14:14:57",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14123 (GCVE-0-2020-14123)
Vulnerability from cvelistv5 – Published: 2022-04-22 15:17 – Updated: 2024-08-04 12:39
VLAI?
Summary
There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.
Severity ?
No CVSS data available.
CWE
- Pointer Double Free Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pointer Double Free Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:17:36",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pointer Double Free Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14123",
"datePublished": "2022-04-22T15:17:36",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14117 (GCVE-0-2020-14117)
Vulnerability from cvelistv5 – Published: 2022-04-21 17:40 – Updated: 2024-08-04 12:39
VLAI?
Summary
A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.
Severity ?
No CVSS data available.
CWE
- Improper permission configuration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi Content Center APP |
Affected:
Xiaomi Content Center APP version < 4.4.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi Content Center APP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi Content Center APP version \u003c 4.4.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper permission configuration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:40:02",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi Content Center APP",
"version": {
"version_data": [
{
"version_value": "Xiaomi Content Center APP version \u003c 4.4.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper permission configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14117",
"datePublished": "2022-04-21T17:40:02",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14118 (GCVE-0-2020-14118)
Vulnerability from cvelistv5 – Published: 2022-04-21 17:33 – Updated: 2024-08-04 12:39
VLAI?
Summary
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps.
Severity ?
No CVSS data available.
CWE
- Intent redirection vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mi App Store |
Affected:
Mi App Store version <4.10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mi App Store",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mi App Store version \u003c4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Intent redirection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:33:02",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=144"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mi App Store",
"version": {
"version_data": [
{
"version_value": "Mi App Store version \u003c4.10.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Intent redirection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=144",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=144"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14118",
"datePublished": "2022-04-21T17:33:02",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}