Filtered by vendor Mi
Subscribe
Total
89 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14122 | 1 Mi | 1 Miui | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage. | |||||
CVE-2020-14111 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. | |||||
CVE-2020-14118 | 1 Mi | 1 Mi App Store | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps. | |||||
CVE-2022-31277 | 1 Mi | 2 Xiaomi Lamp 1, Xiaomi Lamp 1 Firmware | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | |||||
CVE-2020-14116 | 1 Mi | 1 Mi Browser | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting this. | |||||
CVE-2020-14112 | 1 Mi | 2 Ax6000, Ax6000 Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. | |||||
CVE-2020-14110 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | |||||
CVE-2020-14124 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | |||||
CVE-2020-14107 | 1 Mi | 1 Xiaomi Mirror Screen | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN. | |||||
CVE-2020-14109 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | |||||
CVE-2020-14119 | 1 Mi | 1 Ax3600 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | |||||
CVE-2020-14130 | 1 Mi | 1 Xiaomi | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | |||||
CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2024-02-04 | 6.1 MEDIUM | 6.5 MEDIUM |
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | |||||
CVE-2020-14106 | 1 Mi | 1 Miui | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | |||||
CVE-2020-14099 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | |||||
CVE-2020-14105 | 1 Mi | 2 Mi 10, Miui | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | |||||
CVE-2020-14104 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | |||||
CVE-2020-14103 | 1 Mi | 2 Mi 10, Miui | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | |||||
CVE-2020-14098 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | |||||
CVE-2020-14101 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. |