Vulmon
xiaomi vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-15913
An issue exists on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Insecure key transport in ZigBee communication allows malicious users to gain sensitive information, cause a denial of service attack, take over smart home devices, and tamper with me...
Mi Dgnwg03lm Firmware -
Mi Zncz03lm Firmware -
Mi Mccgq01lm Firmware -
Mi Wsdcgq01lm Firmware -
Mi Rtcgq01lm Firmware -
9.8
CVSSv3
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows a malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3p Firmware
Mi Xiaomi R3c Firmware
Mi Xiaomi R3d Firmware
Mi Xiaomi R3
1 Github repository
4.2
CVSSv3
CVE-2019-12762
Xiaomi Mi 5s Plus devices allow malicious users to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
Mi Mi 5s Plus Firmware -
Sony Xperia Z4 Firmware -
Samsung Galaxy S6 Edge Firmware -
Samsung Galaxy S4 Firmware -
Google Nexus 7 Firmware -
Google Nexus 9 Firmware -
Sharp Aquos Zeta Sh-04f Firmware -
Fujitsu Arrows Nx F05-f Firmware -
7.5
CVSSv3
CVE-2019-18371
An issue exists on Xiaomi Mi WiFi R3G devices prior to 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the att...
Mi Millet Router 3g Firmware
1 Github repository
7.5
CVSSv3
CVE-2018-19939
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d...
Mi Mi A2 Lite Firmware
Mi Redmi 6 Firmware
8.8
CVSSv3
CVE-2020-14120
Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of a checksum when a third-party application passes in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevate...
Mi Miui 12.5
7.5
CVSSv3
CVE-2018-16307
An "Out-of-band resource load" issue exists on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a ...
Mi Xiaomi Miwifi Xiaomi 55dd Firmware 2.8.50
6.5
CVSSv3
CVE-2020-9530
An issue exists on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the W...
Mi Miui Firmware 11.0.5.0.qfaeuxm
9.8
CVSSv3
CVE-2019-18370
An issue exists on Xiaomi Mi WiFi R3G devices prior to 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the applic...
Mi Millet Router 3g Firmware
2 Github repositories
7.3
CVSSv3
CVE-2020-9531
An issue exists on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can...
Mi Miui Firmware 11.0.5.0.qfaeuxm