← Back

CVE-2018-20523

nvd nist
Published: Jun 7, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.

Affected (19)

Mi
19 products
Stock Browser
Redmi 7 Firmware
Redmi Note 7 Firmware
Redmi Note 6 Pro Firmware
Redmi 6 Firmware
Redmi 6a Firmware
Redmi Note 5 Pro Firmware
Redmi K20 Pro Firmware
Redmi K20 Firmware
Redmi 7a Firmware
Redmi Go Firmware
Redmi Note 5 Firmware
Redmi Y3 Firmware
Redmi Note 7s Firmware
Redmi S2 Firmware
Redmi 4a Firmware
Redmi Note 4 Firmware
Redmi 5 Plus Firmware
Redmi Note 5a Prime Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Stock Browser
Version 10.2.4g
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi 7 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi 7
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 7 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 7
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 6 Pro Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 6 Pro
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi 6 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi 6
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi 6a Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi 6a
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 5 Pro Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 5 Pro
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi K20 Pro Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi K20 Pro
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi K20 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi K20
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi 7a Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi 7a
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Go Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Go
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 5 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 5
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Y3 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Y3
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 7s Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 7s
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi S2 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi S2
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi 4a Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi 4a
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 4 Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 4
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi 5 Plus Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi 5 Plus
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Redmi Note 5a Prime Firmware
All versions
Running on/withPlatform Versions
Mi
Redmi Note 5a Prime
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.