Filtered by vendor Mi
Subscriptions
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14140 | 1 Mi | 1 Xiaomi Router Firmware | 2025-02-18 | 7.5 High |
| When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection. | ||||
| CVE-2018-6065 | 4 Debian, Google, Mi and 1 more | 7 Debian Linux, Chrome, Mi6 Browser and 4 more | 2025-02-05 | 8.8 High |
| Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2024-45348 | 1 Mi | 2 Ax9000, Ax9000 Firmware | 2024-11-25 | 6.4 Medium |
| Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. | ||||
| CVE-2024-37664 | 1 Mi | 1 Redmi Ax6s Firmware | 2024-11-22 | 5.2 Medium |
| Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. | ||||
| CVE-2024-37663 | 1 Mi | 1 Redmi Ax6s Firmware | 2024-11-22 | 4.1 Medium |
| Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. | ||||
| CVE-2023-27346 | 1 Mi | 1 Ax1800 Firmware | 2024-11-21 | N/A |
| TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19703. | ||||
| CVE-2023-26320 | 2 Mi, Xiaomi | 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router | 2024-11-21 | 7.5 High |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | ||||
| CVE-2023-26319 | 2 Mi, Xiaomi | 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router | 2024-11-21 | 6.7 Medium |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | ||||
| CVE-2023-26318 | 2 Mi, Xiaomi | 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router | 2024-11-21 | 6.7 Medium |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | ||||
| CVE-2023-26317 | 1 Mi | 1 Xiaomi Router Firmware | 2024-11-21 | 7 High |
| Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing. | ||||
| CVE-2023-26316 | 1 Mi | 1 Xiaomi Cloud | 2024-11-21 | 6.1 Medium |
| A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies. | ||||
| CVE-2022-31277 | 1 Mi | 2 Xiaomi Lamp 1, Xiaomi Lamp 1 Firmware | 2024-11-21 | 8.8 High |
| Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | ||||
| CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | ||||
| CVE-2020-9531 | 1 Mi | 2 Miui, Miui Firmware | 2024-11-21 | 7.3 High |
| An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user's unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122. | ||||
| CVE-2020-9530 | 1 Mi | 1 Miui Firmware | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54. | ||||
| CVE-2020-8994 | 1 Mi | 2 Mdz-25-dt, Mdz-25-dt Firmware | 2024-11-21 | 6.8 Medium |
| An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor | ||||
| CVE-2020-14131 | 1 Mi | 1 Xiaomi | 2024-11-21 | 9.8 Critical |
| The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | ||||
| CVE-2020-14130 | 1 Mi | 1 Xiaomi | 2024-11-21 | 5.3 Medium |
| Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | ||||
| CVE-2020-14129 | 1 Mi | 1 Xiaomi | 2024-11-21 | 9.8 Critical |
| A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. | ||||
| CVE-2020-14127 | 1 Mi | 3 Miui, Redmi K40, Redmi Note 10 Pro | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service. | ||||