Vulnerabilities > MI > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-20 CVE-2019-15914 Improper Input Validation vulnerability in MI products
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices.
network
low complexity
mi CWE-20
7.5
2019-10-23 CVE-2019-18371 Path Traversal vulnerability in MI Millet Router 3G Firmware
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable.
network
low complexity
mi CWE-22
7.5
2019-09-18 CVE-2019-15843 Unrestricted Upload of File with Dangerous Type vulnerability in MI Xiaomi Millet Firmware 16.3.9.3
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3.
network
high complexity
mi CWE-434
7.4
2019-06-03 CVE-2019-6743 Out-of-bounds Write vulnerability in MI MI6 Browser
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0.
network
low complexity
mi CWE-787
8.8
2019-04-25 CVE-2018-20823 Improper Input Validation vulnerability in MI 5S Firmware
The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack.
network
low complexity
mi CWE-20
7.5
2018-12-07 CVE-2018-19939 NULL Pointer Dereference vulnerability in MI A2 Lite Firmware and Redmi 6 Firmware
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
network
low complexity
mi CWE-476
7.5
2018-11-27 CVE-2018-16130 OS Command Injection vulnerability in MI Miwifi OS 2.22.15
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
network
low complexity
mi CWE-78
8.8
2018-11-27 CVE-2018-13023 OS Command Injection vulnerability in MI Miwifi OS 2.22.15
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
network
low complexity
mi CWE-78
8.8
2018-11-14 CVE-2018-6065 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian mi CWE-190
8.8
2018-09-05 CVE-2018-16307 Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices.
network
low complexity
mi CWE-200
7.5