Vulnerabilities > MI

DATE CVE VULNERABILITY TITLE RISK
2020-03-06 CVE-2020-9531 Unspecified vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
mi
4.3
2020-03-06 CVE-2020-9530 Information Exposure vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
network
mi CWE-200
4.3
2020-03-05 CVE-2020-8994 Insufficiently Protected Credentials vulnerability in MI Mdz-25-Dt Firmware 1.34.36/1.40.14
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14.
local
low complexity
mi CWE-522
7.2
2020-02-10 CVE-2019-13322 Improper Input Validation vulnerability in MI Browser
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0.
network
mi CWE-20
6.8
2020-02-10 CVE-2019-13321 Incorrect Permission Assignment for Critical Resource vulnerability in MI Browser
This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0.
5.4
2019-12-20 CVE-2019-15915 Improper Input Validation vulnerability in MI products
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices.
network
low complexity
mi CWE-20
5.0
2019-12-20 CVE-2019-15914 Improper Input Validation vulnerability in MI products
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices.
network
low complexity
mi CWE-20
5.0
2019-12-20 CVE-2019-15913 Authorization Bypass Through User-Controlled Key vulnerability in MI products
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices.
network
low complexity
mi CWE-639
7.5
2019-11-14 CVE-2019-15475 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A3 Firmware
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
2.1
2019-11-14 CVE-2019-15474 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Cepheus Firmware
The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
2.1