Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiaomi vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2019-15473
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allow...
Mi A2 Lite Firmware -
5.5
CVSSv3
CVE-2020-14106
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
Mi Miui
9.8
CVSSv3
CVE-2020-14124
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
Mi Ax3600 Firmware
9.8
CVSSv3
CVE-2020-14119
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
Mi Ax3600
7.5
CVSSv3
CVE-2019-15915
An issue exists on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.
Mi Dgnwg03lm Firmware -
Mi Zncz03lm Firmware -
Mi Mccgq01lm Firmware -
Mi Rtcgq01lm Firmware -
9.8
CVSSv3
CVE-2020-10561
An issue exists on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities.
Mi Mijia Inkjet Printer Firmware
6.1
CVSSv3
CVE-2018-13022
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows malicious users to execute arbitrary JavaScript via a modified URL path.
Mi Miwifi Os 2.22.15
7.2
CVSSv3
CVE-2020-14109
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
Mi Ax3600 Firmware
7.5
CVSSv3
CVE-2019-15914
An issue exists on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
Mi Dgnwg03lm Firmware -
Mi Zncz03lm Firmware -
Mi Mccgq01lm Firmware -
Mi Wsdcgq01lm Firmware -
Mi Rtcgq01lm Firmware -
9.8
CVSSv3
CVE-2020-14100
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
Mi R3600 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »