Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiaomi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-14125
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by malicious users to make denial of service.
Mi Miui
9.8
CVSSv3
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3d Firmware
1 Github repository
7.5
CVSSv3
CVE-2020-14099
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
5.5
CVSSv3
CVE-2019-8413
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
Mi Mi Mix 2 Firmware 4.4.78
8.8
CVSSv3
CVE-2022-31277
Xiaomi Lamp 1 v2.0.4_0066 exists to be vulnerable to replay attacks. This allows malicious users to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.
Mi Xiaomi Lamp 1 Firmware 2.0.4 0066
9.8
CVSSv3
CVE-2020-11960
Xiaomi router R3600 ROM prior to 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS
Mi Xiaomi R3600 Firmware
5.5
CVSSv3
CVE-2019-15471
The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allow...
Mi Mix 2s Firmware -
5.5
CVSSv3
CVE-2019-15470
The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that al...
Mi Redmi Note 6 Pro Firmware -
5.5
CVSSv3
CVE-2019-15469
The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows o...
Mi Pad 4 Firmware -
6.5
CVSSv3
CVE-2019-12500
The Xiaomi M365 scooter 2019-02-12 prior to 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.
Mi M365 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »