Vulnerabilities > MI > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-08 CVE-2020-14103 Unspecified vulnerability in MI Miui 12.5/12.5.2
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
local
low complexity
mi
5.5
2020-04-08 CVE-2020-10263 Missing Authentication for Critical Function vulnerability in MI Xiaomi Xiaoai Speaker PRO Lx06 Firmware 1.52.4
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4.
low complexity
mi CWE-306
6.8
2020-04-08 CVE-2020-10262 Unspecified vulnerability in MI Xiaomi Xiaoai Speaker PRO Lx06 Firmware 1.58.10
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10.
low complexity
mi
6.8
2020-03-06 CVE-2020-9530 Code Injection vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
network
low complexity
mi CWE-94
6.5
2020-03-05 CVE-2020-8994 Improper Authentication vulnerability in MI Mdz-25-Dt Firmware 1.34.36/1.40.14
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14.
low complexity
mi CWE-287
6.8
2019-11-14 CVE-2019-15475 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A3 Firmware
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
5.5
2019-11-14 CVE-2019-15474 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Cepheus Firmware
The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
5.5
2019-11-14 CVE-2019-15473 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
5.5
2019-11-14 CVE-2019-15472 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A2 Lite Firmware
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
mi CWE-610
5.5
2019-11-14 CVE-2019-15471 Unspecified vulnerability in MI MIX 2S Firmware
The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component.
local
low complexity
mi
5.5