Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiaomi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3p Firmware
Mi Xiaomi R3c Firmware
Mi Xiaomi R3d Firmware
Mi Xiaomi R3
1 Github repository
NA
CVE-2011-4697
The Xiaomi MiTalk Messenger (com.xiaomi.channel) application prior to 2.1.320 for Android does not properly protect data, which allows remote malicious users to read or modify messaging information via a crafted application.
Xiaomi Mitalk Messenger
Xiaomi Mitalk Messenger 1.0
Xiaomi Mitalk Messenger 2.1.280
7.5
CVSSv3
CVE-2018-16307
An "Out-of-band resource load" issue exists on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a ...
Mi Xiaomi Miwifi Xiaomi 55dd Firmware 2.8.50
9.8
CVSSv3
CVE-2020-14129
A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
Mi Xiaomi -
5.3
CVSSv3
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
Mi Xiaomi
9.8
CVSSv3
CVE-2020-14131
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi use...
Mi Xiaomi -
6.1
CVSSv3
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by malicious users to steal Xiaomi cloud service account's coo...
Mi Xiaomi Cloud
7.5
CVSSv3
CVE-2020-11959
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM prior to 1.0.50.
Mi Xiaomi R3600 Firmware
9.8
CVSSv3
CVE-2020-14094
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
Mi Xiaomi R3600 Firmware
7.5
CVSSv3
CVE-2020-14140
When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the backgroun...
Mi Xiaomi Router Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »