Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiaomi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-11961
Xiaomi router R3600 ROM prior to 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
Mi Xiaomi R3600 Firmware
9.8
CVSSv3
CVE-2020-14095
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
Mi Xiaomi R3600 Firmware
9.8
CVSSv3
CVE-2020-14094
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
Mi Xiaomi R3600 Firmware
9.6
CVSSv3
CVE-2020-6461
Use after free in storage in Google Chrome before 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
9.6
CVSSv3
CVE-2020-6462
Use after free in task scheduling in Google Chrome before 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
6.8
CVSSv3
CVE-2020-10263
An issue exists on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech t...
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware 1.52.4
6.8
CVSSv3
CVE-2020-10262
An issue exists on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID o...
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware 1.58.10
7.3
CVSSv3
CVE-2020-9531
An issue exists on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can...
Mi Miui Firmware 11.0.5.0.qfaeuxm
6.5
CVSSv3
CVE-2020-9530
An issue exists on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the W...
Mi Miui Firmware 11.0.5.0.qfaeuxm
6.8
CVSSv3
CVE-2020-8994
An issue exists on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAO...
Mi Mdz-25-dt Firmware 1.34.36
Mi Mdz-25-dt Firmware 1.40.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »