Vulnerabilities > MI > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-26316 Cross-site Scripting vulnerability in MI Xiaomi Cloud 1.12.0.0.21/1.12.0.0.25
A XSS vulnerability exists in the Xiaomi cloud service Application product.
network
low complexity
mi CWE-79
6.1
2022-04-21 CVE-2020-14117 Unspecified vulnerability in MI Content Center
A improper permission configuration vulnerability in Xiaomi Content Center APP.
network
low complexity
mi
5.3
2022-04-21 CVE-2020-14118 Open Redirect vulnerability in MI APP Store
An intent redirection vulnerability in the Mi App Store product.
network
low complexity
mi CWE-601
6.1
2022-04-21 CVE-2020-14121 Incorrect Authorization vulnerability in MI APP Store 4.12.2
A business logic vulnerability exists in Mi App Store.
local
low complexity
mi CWE-863
5.5
2022-04-21 CVE-2020-14122 Insufficient Verification of Data Authenticity vulnerability in MI Miui 12.5.2
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.
local
low complexity
mi CWE-345
5.5
2022-03-10 CVE-2020-14112 Information Exposure vulnerability in MI Ax6000 Firmware
Information Leak Vulnerability exists in the Xiaomi Router AX6000.
network
low complexity
mi CWE-200
5.3
2021-09-16 CVE-2020-14130 Exposure of Resource to Wrong Sphere vulnerability in MI Xiaomi
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
network
low complexity
mi CWE-668
5.3
2021-09-07 CVE-2021-31610 The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
low complexity
mi bluetrum
6.5
2021-04-20 CVE-2020-14105 Unspecified vulnerability in MI Miui 12.5/12.5.2
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
local
low complexity
mi
5.5
2021-04-08 CVE-2020-14106 Incorrect Authorization vulnerability in MI Miui 12.5/12.5.2/2020.01.15
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
local
low complexity
mi CWE-863
5.5