Vulnerabilities > CVE-2020-14121 - Incorrect Authorization vulnerability in MI APP Store 4.12.2

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

CWE-863

NVD

Published: 2022-04-21

Updated: 2022-07-12

Summary

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.

Vulnerable Configurations

Part	Description	Count
Application	Mi MI MI APP Store 4.12.2	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=146