CVE-2019-15843

Published: Sep 18, 2019Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing.

Affected (1)

Products: Mi: Xiaomi Millet Firmware

1 product

Xiaomi Millet Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mi Xiaomi Millet Firmware	Version 1-6.3.9.3

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://sec.xiaomi.com/post/152

Source: cve@mitre.org

Vendor Advisory

https://sec.xiaomi.com/post/152

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.