Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2020-14110 | Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50 AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | 7.8 |
| 2021-09-16 | CVE-2020-14119 | Command Injection vulnerability in MI Ax3600 There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | 9.8 |
| 2021-09-16 | CVE-2020-14124 | Classic Buffer Overflow vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12 There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | 9.8 |
| 2021-09-16 | CVE-2020-14109 | Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12 There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | 7.2 |
| 2021-09-16 | CVE-2020-14130 | Exposure of Resource to Wrong Sphere vulnerability in MI Xiaomi Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | 5.3 |
| 2021-09-07 | CVE-2021-31610 | The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | 6.5 |
| 2021-04-20 | CVE-2020-14105 | Unspecified vulnerability in MI Miui 12.5/12.5.2 The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | 5.5 |
| 2021-04-08 | CVE-2020-14106 | Incorrect Authorization vulnerability in MI Miui 12.5/12.5.2/2020.01.15 The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | 5.5 |
| 2021-04-08 | CVE-2020-14103 | Unspecified vulnerability in MI Miui 12.5/12.5.2 The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | 5.5 |
| 2021-04-08 | CVE-2020-14104 | Race Condition vulnerability in MI Ax3600 Firmware 1.0.50 A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | 8.1 |