Mi

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14127 1Mi 1Miui Nov 21, 2024 Jul 14, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
CVE-2022-31277 1Mi 1Xiaomi Lamp 1 Firmware Nov 21, 2024 Jun 16, 2022 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST reque...Show more Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.Show less
CVE-2020-14125 1Mi 1Miui Nov 21, 2024 Jun 8, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.
CVE-2020-14123 1Mi 1Miui Nov 21, 2024 Apr 22, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through...Show more There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.Show less
CVE-2020-14122 1Mi 1Miui Nov 21, 2024 Apr 21, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.
CVE-2020-14121 1Mi 1Mi App Store Nov 21, 2024 Apr 21, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent i...Show more A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.Show less
CVE-2020-14120 1Mi 1Miui Nov 21, 2024 Apr 21, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install...Show more Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.Show less
CVE-2020-14118 1Mi 1Mi App Store Nov 21, 2024 Apr 21, 2022 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and i...Show more An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps.Show less
CVE-2020-14117 1Mi 1Content Center Nov 21, 2024 Apr 21, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vul...Show more A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.Show less
CVE-2020-14116 1Mi 1Mi Browser Nov 21, 2024 Apr 21, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting th...Show more An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting this.Show less
CVE-2020-14115 1Mi 1Ax3600 Firmware Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
CVE-2020-14112 1Mi 1Ax6000 Firmware Nov 21, 2024 Mar 10, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router A...Show more Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000.Show less
CVE-2020-14111 1Mi 1Ax3600 Firmware Nov 21, 2024 Mar 10, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
CVE-2020-14110 1Mi 1Ax3600 Firmware Nov 21, 2024 Jan 18, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
CVE-2020-14107 1Mi 1Xiaomi Mirror Screen Nov 21, 2024 Jan 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN.
CVE-2020-14124 1Mi 1Ax3600 Firmware Nov 21, 2024 Sep 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
CVE-2020-14119 1Mi 1Ax3600 Nov 21, 2024 Sep 16, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
CVE-2020-14130 1Mi 1Xiaomi Nov 21, 2024 Sep 16, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
CVE-2020-14109 1Mi 1Ax3600 Firmware Nov 21, 2024 Sep 16, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
CVE-2021-31610 2Bluetrum Mi 3Ab5376t Firmware Bt8896a FirmwareMi True Wireless Earbuds Basic 2 Firmware Nov 21, 2024 Sep 7, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or...Show more The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.Show less

Previous 123 4 5 6 Next