Vulnerabilities > MI

DATE CVE VULNERABILITY TITLE RISK
2021-09-16 CVE-2020-14119 Command Injection vulnerability in MI Ax3600
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
network
low complexity
mi CWE-77
critical
10.0
2021-09-16 CVE-2020-14124 Classic Buffer Overflow vulnerability in MI Ax3600 Firmware 1.0.50/1.1.12
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
network
low complexity
mi CWE-120
7.5
2021-09-16 CVE-2020-14109 Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.1.12
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
network
low complexity
mi CWE-77
critical
9.0
2021-09-16 CVE-2020-14130 Exposure of Resource to Wrong Sphere vulnerability in MI Xiaomi
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
network
low complexity
mi CWE-668
5.0
2021-09-07 CVE-2021-31610 The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
low complexity
mi bluetrum
6.1
2021-04-20 CVE-2020-14105 Unspecified vulnerability in MI Miui
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
local
low complexity
mi
2.1
2021-04-08 CVE-2020-14106 Incorrect Authorization vulnerability in MI Miui
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
network
mi CWE-863
4.3
2021-04-08 CVE-2020-14103 Unspecified vulnerability in MI Miui
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
network
mi
4.3
2021-04-08 CVE-2020-14104 Race Condition vulnerability in MI Ax3600 Firmware
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
network
mi CWE-362
6.8
2021-04-08 CVE-2020-14099 Use of Hard-coded Credentials vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
network
low complexity
mi CWE-798
5.0