Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mi xiaomi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-15913
An issue exists on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing malicious users to gain sensitive information and denial of service attack, take over smart home devices, and tamper with me...
Mi Dgnwg03lm Firmware -
Mi Zncz03lm Firmware -
Mi Mccgq01lm Firmware -
Mi Wsdcgq01lm Firmware -
Mi Rtcgq01lm Firmware -
5
CVSSv2
CVE-2020-14101
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
5
CVSSv2
CVE-2020-14098
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
9
CVSSv2
CVE-2020-14102
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
5
CVSSv2
CVE-2018-19939
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d...
Mi Mi A2 Lite Firmware
Mi Redmi 6 Firmware
5
CVSSv2
CVE-2018-20823
The gyroscope on Xiaomi Mi 5s devices allows malicious users to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack.
Mi Mi 5s Firmware -
7.2
CVSSv2
CVE-2020-8994
An issue exists on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAO...
Mi Mdz-25-dt Firmware 1.34.36
Mi Mdz-25-dt Firmware 1.40.14
5
CVSSv2
CVE-2020-14099
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
4.9
CVSSv2
CVE-2019-8413
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
Mi Mi Mix 2 Firmware 4.4.78
6.8
CVSSv2
CVE-2019-13322
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Xiaomi Browser before 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
Mi Mi Browser
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »