Search criteria
3 vulnerabilities found for smarthome by mi
FKIE_CVE-2020-14114
Vulnerability from fkie_nvd - Published: 2022-07-22 16:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mi:smarthome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "201509DF-F2BF-4489-8B7F-9B77E950BE1C",
"versionEndIncluding": "6.4.701",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en la APP Xiaomi SmartHome. Esta vulnerabilidad es causada por las llamadas ilegales de algunas interfaces JS confidenciales, que pueden ser explotadas por los atacantes para filtrar informaci\u00f3n confidencial"
}
],
"id": "CVE-2020-14114",
"lastModified": "2024-11-21T05:02:40.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-22T16:15:08.000",
"references": [
{
"source": "security@xiaomi.com",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"sourceIdentifier": "security@xiaomi.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-14114 (GCVE-0-2020-14114)
Vulnerability from cvelistv5 – Published: 2022-07-22 15:32 – Updated: 2024-08-04 12:39
VLAI?
Summary
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi SmartHome APP |
Affected:
Xiaomi SmartHome APP <=6.4.701
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi SmartHome APP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi SmartHome APP \u003c=6.4.701"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:32:00",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi SmartHome APP",
"version": {
"version_data": [
{
"version_value": "Xiaomi SmartHome APP \u003c=6.4.701"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14114",
"datePublished": "2022-07-22T15:32:00",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14114 (GCVE-0-2020-14114)
Vulnerability from nvd – Published: 2022-07-22 15:32 – Updated: 2024-08-04 12:39
VLAI?
Summary
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi SmartHome APP |
Affected:
Xiaomi SmartHome APP <=6.4.701
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi SmartHome APP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi SmartHome APP \u003c=6.4.701"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:32:00",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi SmartHome APP",
"version": {
"version_data": [
{
"version_value": "Xiaomi SmartHome APP \u003c=6.4.701"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14114",
"datePublished": "2022-07-22T15:32:00",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}