Vulnerabilities > MI > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-14102 Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router.
network
low complexity
mi CWE-77
7.2
2021-01-13 CVE-2020-14101 Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
The data collection SDK of the router web management interface caused the leakage of the token.
network
low complexity
mi
7.5
2021-01-13 CVE-2020-14098 Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts.
network
low complexity
mi CWE-662
7.5
2021-01-13 CVE-2020-14097 Unspecified vulnerability in MI Redmi AX6 Firmware
Wrong nginx configuration, causing specific paths to be downloaded without authorization.
network
low complexity
mi
7.5
2020-06-24 CVE-2020-11961 Missing Authentication for Critical Function vulnerability in MI Xiaomi R3600 Firmware
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
network
low complexity
mi CWE-306
7.5
2020-06-24 CVE-2020-11959 Unspecified vulnerability in MI Xiaomi R3600 Firmware
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
network
low complexity
mi
7.5
2020-03-06 CVE-2020-9531 Unspecified vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
low complexity
mi
7.3
2020-02-10 CVE-2019-13322 Improper Input Validation vulnerability in MI Browser
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0.
network
low complexity
mi CWE-20
8.8
2020-02-10 CVE-2019-13321 Incorrect Permission Assignment for Critical Resource vulnerability in MI Browser
This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0.
low complexity
mi CWE-732
8.0
2019-12-20 CVE-2019-15915 Improper Input Validation vulnerability in MI products
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices.
network
low complexity
mi CWE-20
7.5