Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiaomi vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2020-14104
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
Mi Ax3600 Firmware
7.5
CVSSv3
CVE-2020-14101
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
7.5
CVSSv3
CVE-2020-14097
Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.
Mi Redmi Ax6 Firmware
7.5
CVSSv3
CVE-2020-14098
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
7.2
CVSSv3
CVE-2020-14102
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
Mi Ax1800 Firmware
Mi Rm1800 Firmware
9.8
CVSSv3
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process.
Mi Xiaomi Ai Speaker Firmware
9.8
CVSSv3
CVE-2020-14100
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
Mi R3600 Firmware
9.8
CVSSv3
CVE-2020-10561
An issue exists on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities.
Mi Mijia Inkjet Printer Firmware
7.5
CVSSv3
CVE-2020-11959
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM prior to 1.0.50.
Mi Xiaomi R3600 Firmware
9.8
CVSSv3
CVE-2020-11960
Xiaomi router R3600 ROM prior to 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS
Mi Xiaomi R3600 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »