Vulnerabilities > MI > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-23 | CVE-2019-18371 | Path Traversal vulnerability in MI Millet Router 3G Firmware An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. | 7.5 |
| 2019-09-18 | CVE-2019-15843 | Unrestricted Upload of File with Dangerous Type vulnerability in MI Xiaomi Millet Firmware 16.3.9.3 A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. | 7.4 |
| 2019-06-03 | CVE-2019-6743 | Out-of-bounds Write vulnerability in MI MI6 Browser This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. | 8.8 |
| 2019-04-25 | CVE-2018-20823 | Improper Input Validation vulnerability in MI 5S Firmware The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. | 7.5 |
| 2018-12-07 | CVE-2018-19939 | NULL Pointer Dereference vulnerability in MI A2 Lite Firmware and Redmi 6 Firmware The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. | 7.5 |
| 2018-11-27 | CVE-2018-16130 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13023 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | 8.8 |
| 2018-11-14 | CVE-2018-6065 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-09-05 | CVE-2018-16307 | Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50 An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. | 7.5 |