Vulnerabilities > MI > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-22 | CVE-2020-14123 | Double Free vulnerability in MI Miui 12.5.2 There is a pointer double free vulnerability in Some MIUI Services. | 7.5 |
| 2022-04-21 | CVE-2020-14116 | Insufficient Verification of Data Authenticity vulnerability in MI Browser An intent redirection vulnerability in the Mi Browser product. | 7.5 |
| 2022-04-21 | CVE-2020-14120 | Improper Validation of Integrity Check Value vulnerability in MI Miui 12.5 Some Xiaomi models have a vulnerability in a certain application. | 8.8 |
| 2022-03-10 | CVE-2020-14111 | Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12 A command injection vulnerability exists in the Xiaomi Router AX3600. | 7.8 |
| 2022-01-18 | CVE-2020-14107 | Out-of-bounds Write vulnerability in MI Xiaomi Mirror Screen A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN. | 7.5 |
| 2022-01-18 | CVE-2020-14110 | Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50 AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | 7.8 |
| 2021-09-16 | CVE-2020-14109 | Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12 There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | 7.2 |
| 2021-04-08 | CVE-2020-14104 | Race Condition vulnerability in MI Ax3600 Firmware 1.0.50 A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | 8.1 |
| 2021-04-08 | CVE-2020-14099 | Use of Hard-coded Credentials vulnerability in MI Ax1800 Firmware and Rm1800 Firmware On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | 7.5 |
| 2021-01-13 | CVE-2020-14102 | Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. | 7.2 |