Vulnerabilities > MI

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2018-20823 Improper Input Validation vulnerability in MI 5S Firmware
The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack.
network
low complexity
mi CWE-20
7.5
2019-04-05 CVE-2019-10875 Authentication Bypass by Spoofing vulnerability in MI Browser and Mint Browser
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter.
network
mi CWE-290
4.3
2019-02-17 CVE-2019-8413 NULL Pointer Dereference vulnerability in MI MIX 2 Firmware 4.4.78
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
local
low complexity
mi CWE-476
4.9
2018-12-24 CVE-2018-18698 Insufficiently Protected Credentials vulnerability in MI Xiaomi Mi-A1 Firmware
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices.
network
low complexity
mi CWE-522
5.0
2018-12-07 CVE-2018-19939 NULL Pointer Dereference vulnerability in MI A2 Lite Firmware and Redmi 6 Firmware
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and Redmi 6 Pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
network
low complexity
mi CWE-476
7.5
2018-11-27 CVE-2018-16130 OS Command Injection vulnerability in MI Miwifi OS 2.22.15
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
network
low complexity
mi CWE-78
critical
9.0
2018-11-27 CVE-2018-13023 OS Command Injection vulnerability in MI Miwifi OS 2.22.15
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
network
low complexity
mi CWE-78
critical
9.0
2018-11-27 CVE-2018-13022 Cross-site Scripting vulnerability in MI Miwifi OS 2.22.15
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path.
network
mi CWE-79
4.3
2018-11-14 CVE-2018-6065 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in computing the required allocation size when instantiating a new JavaScript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian mi CWE-190
8.8
2018-09-05 CVE-2018-16307 Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices.
network
low complexity
mi CWE-200
5.0