Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mi xiaomi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3p Firmware
Mi Xiaomi R3c Firmware
Mi Xiaomi R3d Firmware
Mi Xiaomi R3
1 Github repository
9.8
CVSSv3
CVE-2018-18698
An issue exists on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.
Mi Xiaomi Mi-a1 Firmware -
7.5
CVSSv3
CVE-2018-16307
An "Out-of-band resource load" issue exists on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a ...
Mi Xiaomi Miwifi Xiaomi 55dd Firmware 2.8.50
9.8
CVSSv3
CVE-2020-14129
A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
Mi Xiaomi -
5.3
CVSSv3
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
Mi Xiaomi
9.8
CVSSv3
CVE-2020-14131
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi use...
Mi Xiaomi -
6.1
CVSSv3
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by malicious users to steal Xiaomi cloud service account's coo...
Mi Xiaomi Cloud
7.5
CVSSv3
CVE-2020-11961
Xiaomi router R3600 ROM prior to 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
Mi Xiaomi R3600 Firmware
7.5
CVSSv3
CVE-2020-11959
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM prior to 1.0.50.
Mi Xiaomi R3600 Firmware
9.8
CVSSv3
CVE-2020-11960
Xiaomi router R3600 ROM prior to 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS
Mi Xiaomi R3600 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »