Vulnerabilities > CVE-2020-14130 - Exposure of Resource to Wrong Sphere vulnerability in MI Xiaomi

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

CWE-668

NVD

Published: 2021-09-16

Updated: 2021-09-27

Summary

Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809

Vulnerable Configurations

Part	Description	Count
Application	Mi MI Xiaomi *	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25&locale=zh