Filtered by vendor Mi
Subscribe
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6065 | 4 Debian, Google, Mi and 1 more | 6 Debian Linux, Chrome, Mi6 Browser and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
| CVE-2018-16307 | 1 Mi | 2 Xiaomi Miwifi Xiaomi 55dd, Xiaomi Miwifi Xiaomi 55dd Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. | |||||
| CVE-2018-16130 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter. | |||||
| CVE-2018-14060 | 1 Mi | 2 Xiaomi R3d, Xiaomi R3d Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-14010 | 1 Mi | 7 Xiaomi R3, Xiaomi R3c, Xiaomi R3c Firmware and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-13023 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | |||||
| CVE-2018-13022 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | |||||
| CVE-2023-26320 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2024-10-08 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
| CVE-2023-26319 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2024-10-08 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
| CVE-2023-26317 | 1 Mi | 1 Xiaomi Router Firmware | 2024-10-08 | N/A | 9.8 CRITICAL |
| Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing. | |||||
| CVE-2023-26315 | 1 Mi | 2 Ax9000, Ax9000 Firmware | 2024-10-08 | N/A | 8.8 HIGH |
| The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device. | |||||
| CVE-2023-26324 | 1 Mi | 1 Getapps | 2024-09-12 | N/A | 9.8 CRITICAL |
| A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | |||||
| CVE-2023-26322 | 1 Mi | 1 Getapps | 2024-09-12 | N/A | 9.8 CRITICAL |
| A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | |||||
| CVE-2023-26323 | 1 Mi | 1 App Market | 2024-09-12 | N/A | 9.8 CRITICAL |
| A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. | |||||
| CVE-2023-26321 | 1 Mi | 1 File Manager | 2024-09-12 | N/A | 9.8 CRITICAL |
| A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file. | |||||
| CVE-2023-26316 | 1 Mi | 1 Xiaomi Cloud | 2024-02-05 | N/A | 6.1 MEDIUM |
| A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies. | |||||
| CVE-2022-36757 | 1 Mi | 1 Mi Browser | 2024-02-04 | N/A | N/A |
| Xaomi Mi Browser v13.10.0-gn contains a vulnerability which allows attackers to execute arbitrary code via user interaction with a crafted URL. | |||||
| CVE-2020-14126 | 1 Mi | 1 Sound | 2024-02-04 | N/A | 7.5 HIGH |
| Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | |||||
| CVE-2020-14127 | 1 Mi | 3 Miui, Redmi K40, Redmi Note 10 Pro | 2024-02-04 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service. | |||||