Filtered by vendor Mi
Subscriptions
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14104 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-11-21 | 8.1 High |
| A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | ||||
| CVE-2020-14103 | 1 Mi | 2 Mi 10, Miui | 2024-11-21 | 5.5 Medium |
| The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | ||||
| CVE-2020-14102 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.2 High |
| There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | ||||
| CVE-2020-14101 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.5 High |
| The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | ||||
| CVE-2020-14100 | 1 Mi | 2 R3600, R3600 Firmware | 2024-11-21 | 9.8 Critical |
| In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | ||||
| CVE-2020-14099 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.5 High |
| On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | ||||
| CVE-2020-14098 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.5 High |
| The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | ||||
| CVE-2020-14097 | 1 Mi | 2 Redmi Ax6, Redmi Ax6 Firmware | 2024-11-21 | 7.5 High |
| Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. | ||||
| CVE-2020-14096 | 1 Mi | 2 Xiaomi Ai Speaker, Xiaomi Ai Speaker Firmware | 2024-11-21 | 9.8 Critical |
| Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. | ||||
| CVE-2020-14095 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 9.8 Critical |
| In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. | ||||
| CVE-2020-14094 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 9.8 Critical |
| In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. | ||||
| CVE-2020-11961 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 7.5 High |
| Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication | ||||
| CVE-2020-11960 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 9.8 Critical |
| Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS | ||||
| CVE-2020-11959 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 7.5 High |
| An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. | ||||
| CVE-2020-10561 | 1 Mi | 2 Mijia Inkjet Printer, Mijia Inkjet Printer Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities. | ||||
| CVE-2020-10263 | 1 Mi | 2 Xiaomi Xiaoai Speaker Pro Lx06, Xiaomi Xiaoai Speaker Pro Lx06 Firmware | 2024-11-21 | 6.8 Medium |
| An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | ||||
| CVE-2020-10262 | 1 Mi | 2 Xiaomi Xiaoai Speaker Pro Lx06, Xiaomi Xiaoai Speaker Pro Lx06 Firmware | 2024-11-21 | 6.8 Medium |
| An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | ||||
| CVE-2019-8413 | 1 Mi | 2 Mi Mix 2, Mi Mix 2 Firmware | 2024-11-21 | N/A |
| On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). | ||||
| CVE-2019-6743 | 1 Mi | 1 Mi6 Browser | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466. | ||||
| CVE-2019-18371 | 1 Mi | 2 Millet Router 3g, Millet Router 3g Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. | ||||