← Back

Mi

mi

101 CVEs • 148 products

Products (148)

Click to collapse
Toggle
Miui
miui
8 CVEs
Ax3600 Firmware
ax3600_firmware
6 CVEs
Xiaomi R3600 Firmware
xiaomi_r3600_firmware
5 CVEs
Mi Browser
mi_browser
4 CVEs
Ax1800 Firmware
ax1800_firmware
4 CVEs
Rm1800 Firmware
rm1800_firmware
4 CVEs
Miwifi Os
miwifi_os
3 CVEs
Redmi 6 Firmware
redmi_6_firmware
3 CVEs
A2 Lite Firmware
a2_lite_firmware
3 CVEs
Dgnwg03lm Firmware
dgnwg03lm_firmware
3 CVEs
Zncz03lm Firmware
zncz03lm_firmware
3 CVEs
Mccgq01lm Firmware
mccgq01lm_firmware
3 CVEs
Rtcgq01lm Firmware
rtcgq01lm_firmware
3 CVEs
Xiaomi
xiaomi
3 CVEs
Xiaomi Router Ax3200 Firmware
xiaomi_router_ax3200_firmware
3 CVEs
Xiaomi R3d Firmware
xiaomi_r3d_firmware
2 CVEs
Mi6 Browser
mi6_browser
2 CVEs
Redmi Note 6 Pro Firmware
redmi_note_6_pro_firmware
2 CVEs
Millet Router 3g Firmware
millet_router_3g_firmware
2 CVEs
Mix 2s Firmware
mix_2s_firmware
2 CVEs
Wsdcgq01lm Firmware
wsdcgq01lm_firmware
2 CVEs
Miui Firmware
miui_firmware
2 CVEs
Xiaomi Xiaoai Speaker Pro Lx06 Firmware
xiaomi_xiaoai_speaker_pro_lx06_firmware
2 CVEs
Mi App Store
mi_app_store
2 CVEs
Xiaomi Router Firmware
xiaomi_router_firmware
2 CVEs
Xiaomi 13 Pro Firmware
xiaomi_13_pro_firmware
2 CVEs
Redmi Ax6s Firmware
redmi_ax6s_firmware
2 CVEs
Ax9000 Firmware
ax9000_firmware
2 CVEs
Getapps
getapps
2 CVEs
Xiaomi R3p Firmware
xiaomi_r3p_firmware
1 CVE
Xiaomi R3c Firmware
xiaomi_r3c_firmware
1 CVE
Xiaomi R3
xiaomi_r3
1 CVE
Xiaomi Miwifi Xiaomi 55dd Firmware
xiaomi_miwifi_xiaomi_55dd_firmware
1 CVE
Mi A2 Lite Firmware
mi_a2_lite_firmware
1 CVE
Xiaomi Mi A1 Firmware
xiaomi_mi-a1_firmware
1 CVE
Mi Mix 2 Firmware
mi_mix_2_firmware
1 CVE
Mint Browser
mint_browser
1 CVE
Mi 5s Firmware
mi_5s_firmware
1 CVE
M365 Firmware
m365_firmware
1 CVE
Mi 5s Plus Firmware
mi_5s_plus_firmware
1 CVE
Stock Browser
stock_browser
1 CVE
Redmi 7 Firmware
redmi_7_firmware
1 CVE
Redmi Note 7 Firmware
redmi_note_7_firmware
1 CVE
Redmi 6a Firmware
redmi_6a_firmware
1 CVE
Redmi S2 Firmware
redmi_s2_firmware
1 CVE
Redmi Note 5 Pro Firmware
redmi_note_5_pro_firmware
1 CVE
Redmi K20 Pro Firmware
redmi_k20_pro_firmware
1 CVE
Redmi K20 Firmware
redmi_k20_firmware
1 CVE
Redmi 7a Firmware
redmi_7a_firmware
1 CVE
Redmi Go Firmware
redmi_go_firmware
1 CVE
Redmi Note 5 Firmware
redmi_note_5_firmware
1 CVE
Redmi Y3 Firmware
redmi_y3_firmware
1 CVE
Redmi Note 7s Firmware
redmi_note_7s_firmware
1 CVE
Redmi 4a Firmware
redmi_4a_firmware
1 CVE
Redmi Note 4 Firmware
redmi_note_4_firmware
1 CVE
Redmi 5 Plus Firmware
redmi_5_plus_firmware
1 CVE
Redmi Note 5a Prime Firmware
redmi_note_5a_prime_firmware
1 CVE
Xiaomi Millet Firmware
xiaomi_millet_firmware
1 CVE
Redmi 5 Firmware
redmi_5_firmware
1 CVE
5s Plus Firmware
5s_plus_firmware
1 CVE
Mix Firmware
mix_firmware
1 CVE
Note 2 Firmware
note_2_firmware
1 CVE
Redmi 6 Pro Firmware
redmi_6_pro_firmware
1 CVE
Pad 4 Firmware
pad_4_firmware
1 CVE
Cepheus Firmware
cepheus_firmware
1 CVE
A3 Firmware
a3_firmware
1 CVE
Mdz 25 Dt Firmware
mdz-25-dt_firmware
1 CVE
Mijia Inkjet Printer Firmware
mijia_inkjet_printer_firmware
1 CVE
Xiaomi Ai Speaker Firmware
xiaomi_ai_speaker_firmware
1 CVE
R3600 Firmware
r3600_firmware
1 CVE
Redmi Ax6 Firmware
redmi_ax6_firmware
1 CVE
Ax3600
ax3600
1 CVE
Mi True Wireless Earbuds Basic 2 Firmware
mi_true_wireless_earbuds_basic_2_firmware
1 CVE
Xiaomi Mirror Screen
xiaomi_mirror_screen
1 CVE
Ax6000 Firmware
ax6000_firmware
1 CVE
Content Center
content_center
1 CVE
Xiaomi Lamp 1 Firmware
xiaomi_lamp_1_firmware
1 CVE
Smarthome
smarthome
1 CVE
Sound
sound
1 CVE
Xiaomi Cloud
xiaomi_cloud
1 CVE
File Manager
file_manager
1 CVE
App Market
app_market
1 CVE
Xiaomi R3p
xiaomi_r3p
0 CVEs
Xiaomi R3c
xiaomi_r3c
0 CVEs
Xiaomi R3d
xiaomi_r3d
0 CVEs
Xiaomi Miwifi Xiaomi 55dd
xiaomi_miwifi_xiaomi_55dd
0 CVEs
Mi Router 3
mi_router_3
0 CVEs
Mi A2 Lite
mi_a2_lite
0 CVEs
Redmi 6
redmi_6
0 CVEs
Xiaomi Mi A1
xiaomi_mi-a1
0 CVEs
Mi Mix 2
mi_mix_2
0 CVEs
Mi 5s
mi_5s
0 CVEs
M365
m365
0 CVEs
Mi 5s Plus
mi_5s_plus
0 CVEs
Redmi 7
redmi_7
0 CVEs
Redmi Note 7
redmi_note_7
0 CVEs
Redmi Note 6 Pro
redmi_note_6_pro
0 CVEs
Redmi 6a
redmi_6a
0 CVEs
Redmi S2
redmi_s2
0 CVEs
Redmi Note 5 Pro
redmi_note_5_pro
0 CVEs

CVEs (101)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-14105
1Mi
1Miui
Nov 21, 2024
Apr 20, 2021
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
CVE-2020-14106
1Mi
1Miui
Nov 21, 2024
Apr 8, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
CVE-2020-14103
1Mi
1Miui
Nov 21, 2024
Apr 8, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
CVE-2020-14104
1Mi
1Ax3600 Firmware
Nov 21, 2024
Apr 8, 2021
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
CVE-2020-14099
1Mi
2Ax1800 Firmware
Rm1800 Firmware
Nov 21, 2024
Apr 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
CVE-2020-14102
1Mi
2Ax1800 Firmware
Rm1800 Firmware
Nov 21, 2024
Jan 13, 2021
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800...Show more
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.Show less
CVE-2020-14101
1Mi
2Ax1800 Firmware
Rm1800 Firmware
Nov 21, 2024
Jan 13, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
CVE-2020-14098
1Mi
2Ax1800 Firmware
Rm1800 Firmware
Nov 21, 2024
Jan 13, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.2...Show more
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.Show less
CVE-2020-14097
1Mi
1Redmi Ax6 Firmware
Nov 21, 2024
Jan 13, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.
CVE-2020-14100
1Mi
1R3600 Firmware
Nov 21, 2024
Sep 11, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
CVE-2020-14096
1Mi
1Xiaomi Ai Speaker Firmware
Nov 21, 2024
Sep 11, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process.
CVE-2020-11961
1Mi
1Xiaomi R3600 Firmware
Nov 21, 2024
Jun 24, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
CVE-2020-11960
1Mi
1Xiaomi R3600 Firmware
Nov 21, 2024
Jun 24, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS
CVE-2020-11959
1Mi
1Xiaomi R3600 Firmware
Nov 21, 2024
Jun 24, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
CVE-2020-10561
1Mi
1Mijia Inkjet Printer Firmware
Nov 21, 2024
Jun 24, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities.
CVE-2020-14095
1Mi
1Xiaomi R3600 Firmware
Nov 21, 2024
Jun 24, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
CVE-2020-14094
1Mi
1Xiaomi R3600 Firmware
Nov 21, 2024
Jun 24, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
CVE-2020-10263
1Mi
1Xiaomi Xiaoai Speaker Pro Lx06 Firmware
Nov 21, 2024
Apr 8, 2020
N/A· v4
6.8 MEDIUM· v3
7.2 HIGH· v2
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between...Show more
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.Show less
CVE-2020-10262
1Mi
1Xiaomi Xiaoai Speaker Pro Lx06 Firmware
Nov 21, 2024
Apr 8, 2020
N/A· v4
6.8 MEDIUM· v3
7.2 HIGH· v2
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the...Show more
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.Show less
CVE-2020-9531
1Mi
1Miui Firmware
Nov 21, 2024
Mar 6, 2020
N/A· v4
7.3 HIGH· v3
4.3 MEDIUM· v2
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components...Show more
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user's unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122.Show less