Filtered by vendor Mi
Subscribe
Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14112 | 1 Mi | 2 Ax6000, Ax6000 Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. | |||||
CVE-2020-14123 | 1 Mi | 1 Miui | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges. | |||||
CVE-2020-14117 | 1 Mi | 1 Content Center | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP. | |||||
CVE-2020-14109 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | |||||
CVE-2020-14124 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | |||||
CVE-2020-14110 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | |||||
CVE-2020-14119 | 1 Mi | 1 Ax3600 | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | |||||
CVE-2020-14130 | 1 Mi | 1 Xiaomi | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | |||||
CVE-2020-14107 | 1 Mi | 1 Xiaomi Mirror Screen | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN. | |||||
CVE-2020-14105 | 1 Mi | 2 Mi 10, Miui | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | |||||
CVE-2020-14099 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | |||||
CVE-2020-14103 | 1 Mi | 2 Mi 10, Miui | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | |||||
CVE-2020-14104 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | |||||
CVE-2020-14106 | 1 Mi | 1 Miui | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | |||||
CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | |||||
CVE-2020-14097 | 1 Mi | 2 Redmi Ax6, Redmi Ax6 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. | |||||
CVE-2020-14102 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | |||||
CVE-2020-14101 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | |||||
CVE-2020-14098 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | |||||
CVE-2020-14094 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. |