Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-14098
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
7.2
CVSSv3
CVE-2020-14102
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
6.1
CVSSv3
CVE-2020-14118
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps.
Mi Mi App Store
7.5
CVSSv3
CVE-2020-14099
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
7.5
CVSSv3
CVE-2020-14101
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
5.5
CVSSv3
CVE-2020-14121
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.
Mi Mi App Store 4.12.2
6.8
CVSSv3
CVE-2020-8994
An issue exists on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAO...
Mi Mdz-25-dt Firmware 1.34.36
Mi Mdz-25-dt Firmware 1.40.14
7.5
CVSSv3
CVE-2018-20823
The gyroscope on Xiaomi Mi 5s devices allows malicious users to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack.
Mi Mi 5s Firmware -
3.3
CVSSv3
CVE-2019-15466
The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721)...
Mi Redmi 6 Pro Firmware -
5.5
CVSSv3
CVE-2019-15468
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows...
Mi A2 Lite Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »