CVE-2023-26322

Published: Aug 28, 2024Modified: Sep 12, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.

Affected (1)

Products: Mi: Getapps

1 product

Getapps

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mi Getapps	From 31.2.5.0 to 32.0.0.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://trust.mi.com/misrc/bulletins/advisory?cveId=542

Source: security@xiaomi.com

Vendor Advisory

Timeline

No history available yet.