Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-31610 | The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | 6.1 |
| 2021-04-20 | CVE-2020-14105 | Unspecified vulnerability in MI Miui The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | 2.1 |
| 2021-04-08 | CVE-2020-14106 | Incorrect Authorization vulnerability in MI Miui The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | 4.3 |
| 2021-04-08 | CVE-2020-14103 | Unspecified vulnerability in MI Miui The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. network mi | 4.3 |
| 2021-04-08 | CVE-2020-14104 | Race Condition vulnerability in MI Ax3600 Firmware A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | 6.8 |
| 2021-04-08 | CVE-2020-14099 | Use of Hard-coded Credentials vulnerability in MI Ax1800 Firmware and Rm1800 Firmware On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | 5.0 |
| 2021-01-13 | CVE-2020-14102 | Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. | 9.0 |
| 2021-01-13 | CVE-2020-14101 | Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The data collection SDK of the router web management interface caused the leakage of the token. | 5.0 |
| 2021-01-13 | CVE-2020-14098 | Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. | 5.0 |
| 2021-01-13 | CVE-2020-14097 | Unspecified vulnerability in MI Redmi AX6 Firmware Wrong nginx configuration, causing specific paths to be downloaded without authorization. | 5.0 |