Vulnerabilities > CVE-2020-14121 - Incorrect Authorization vulnerability in MI APP Store 4.12.2

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
mi
CWE-863

Summary

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.

Vulnerable Configurations

Part Description Count
Application
Mi
1

Common Weakness Enumeration (CWE)