Mi

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45348 1Mi 1Ax9000 Firmware Nov 25, 2024 Sep 23, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary cod...Show more Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.Show less
CVE-2023-26324 1Mi 1Getapps Sep 12, 2024 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious c...Show more A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.Show less
CVE-2023-26323 1Mi 1App Market Mar 27, 2025 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
CVE-2023-26322 1Mi 1Getapps Sep 12, 2024 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious c...Show more A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.Show less
CVE-2023-26321 1Mi 1File Manager Mar 25, 2025 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and...Show more A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.Show less
CVE-2023-26315 1Mi 1Ax9000 Firmware Oct 8, 2024 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
CVE-2024-37664 1Mi 1Redmi Ax6s Firmware Jul 9, 2025 Jun 17, 2024 N/A· v4 5.2 MEDIUM· v3 N/A· v2 Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP...Show more Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.Show less
CVE-2024-37663 1Mi 1Redmi Ax6s Firmware Jul 9, 2025 Jun 17, 2024 N/A· v4 4.1 MEDIUM· v3 N/A· v2 Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redir...Show more Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.Show less
CVE-2024-4406 1Mi 1Xiaomi 13 Pro Firmware Aug 13, 2025 May 2, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartph...Show more Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332.Show less
CVE-2024-4405 1Mi 1Xiaomi 13 Pro Firmware Aug 13, 2025 May 2, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones....Show more Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the manual-upgrade.html file. When parsing the manualUpgradeInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22379.Show less
CVE-2023-26320 1Mi 1Xiaomi Router Ax3200 Firmware Nov 21, 2024 Oct 11, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-26319 1Mi 1Xiaomi Router Ax3200 Firmware Nov 21, 2024 Oct 11, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-26318 1Mi 1Xiaomi Router Ax3200 Firmware Nov 21, 2024 Oct 11, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.
CVE-2023-26317 1Mi 1Xiaomi Router Firmware Nov 21, 2024 Aug 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to...Show more Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.Show less
CVE-2023-26316 1Mi 1Xiaomi Cloud Nov 21, 2024 Aug 2, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers...Show more A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.Show less
CVE-2020-14140 1Mi 1Xiaomi Router Firmware Feb 18, 2025 Mar 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Att...Show more When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.Show less
CVE-2020-14131 1Mi 1Xiaomi Nov 21, 2024 Oct 11, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC)...Show more The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.Show less
CVE-2020-14129 1Mi 1Xiaomi Nov 21, 2024 Oct 11, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
CVE-2020-14126 1Mi 1Sound Nov 21, 2024 Jul 22, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
CVE-2020-14114 1Mi 1Smarthome Nov 21, 2024 Jul 22, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.

12 3 4 5 6 Next