CVE-2024-45361

Published: Mar 27, 2025Modified: Mar 27, 2025

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: security@xiaomi.com (Secondary)

Description

A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=558

Source: security@xiaomi.com

Timeline

No history available yet.