Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mi xiaomi - vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2019-15843
A malicious file upload vulnerability exists in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing.
Mi Xiaomi Millet Firmware 1-6.3.9.3
5.8
CVSSv2
CVE-2022-31277
Xiaomi Lamp 1 v2.0.4_0066 exists to be vulnerable to replay attacks. This allows malicious users to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.
Mi Xiaomi Lamp 1 Firmware 2.0.4 0066
7.2
CVSSv2
CVE-2020-10262
An issue exists on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID o...
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware 1.58.10
7.2
CVSSv2
CVE-2020-10263
An issue exists on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech t...
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware 1.52.4
5
CVSSv2
CVE-2018-20523
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser....
Mi Stock Browser 10.2.4g
Mi Redmi 7 Firmware -
Mi Redmi Note 7 Firmware -
Mi Redmi Note 6 Pro Firmware -
Mi Redmi 6 Firmware -
Mi Redmi 6a Firmware -
Mi Redmi S2 Firmware -
Mi Redmi Note 5 Pro Firmware -
Mi Redmi K20 Pro Firmware -
Mi Redmi K20 Firmware -
Mi Redmi 7a Firmware -
Mi Redmi Go Firmware -
Mi Redmi Note 5 Firmware -
Mi Redmi Y3 Firmware -
Mi Redmi Note 7s Firmware -
Mi Redmi 4a Firmware -
Mi Redmi Note 4 Firmware -
Mi Redmi 5 Plus Firmware -
Mi Redmi Note 5a Prime Firmware -
4.3
CVSSv2
CVE-2019-10875
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown ...
Mi Mi Browser 10.5.6-g
Mi Mint Browser 1.5.3
9
CVSSv2
CVE-2018-16130
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows malicious users to execute arbitrary system commands via the "payload" URL parameter.
Mi Miwifi Os 2.22.15
9
CVSSv2
CVE-2018-13023
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows malicious users to execute system commands via the "timeout" URL parameter.
Mi Miwifi Os 2.22.15
5
CVSSv2
CVE-2019-15914
An issue exists on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
Mi Dgnwg03lm Firmware -
Mi Zncz03lm Firmware -
Mi Mccgq01lm Firmware -
Mi Wsdcgq01lm Firmware -
Mi Rtcgq01lm Firmware -
5
CVSSv2
CVE-2019-15915
An issue exists on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.
Mi Dgnwg03lm Firmware -
Mi Zncz03lm Firmware -
Mi Mccgq01lm Firmware -
Mi Rtcgq01lm Firmware -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »