Vulnerabilities > MI > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2023-26321 Path Traversal vulnerability in MI File Manager 1210567
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version).
network
low complexity
mi CWE-22
critical
9.8
2024-08-28 CVE-2023-26322 Unspecified vulnerability in MI Getapps
A code execution vulnerability exists in the XiaomiGetApps application product.
network
low complexity
mi
critical
9.8
2024-08-28 CVE-2023-26323 Unspecified vulnerability in MI APP Market
A code execution vulnerability exists in the Xiaomi App market product.
network
low complexity
mi
critical
9.8
2024-08-28 CVE-2023-26324 Unspecified vulnerability in MI Getapps
A code execution vulnerability exists in the XiaomiGetApps application product.
network
low complexity
mi
critical
9.8
2023-08-02 CVE-2023-26317 Command Injection vulnerability in MI Xiaomi Router Firmware
Xiaomi routers have an external interface that can lead to command injection.
network
low complexity
mi CWE-77
critical
9.8
2022-10-11 CVE-2020-14129 Unspecified vulnerability in MI Xiaomi
A logic vulnerability exists in a Xiaomi product.
network
low complexity
mi
critical
9.8
2022-10-11 CVE-2020-14131 Unspecified vulnerability in MI Xiaomi
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
network
low complexity
mi
critical
9.8
2022-03-10 CVE-2020-14115 Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50
A command injection vulnerability exists in the Xiaomi Router AX3600.
network
low complexity
mi CWE-345
critical
9.8
2021-09-16 CVE-2020-14119 Command Injection vulnerability in MI Ax3600
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
network
low complexity
mi CWE-77
critical
9.8
2021-09-16 CVE-2020-14124 Classic Buffer Overflow vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
network
low complexity
mi CWE-120
critical
9.8