Vulnerabilities > MI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2020-14110 | Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50 AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | 4.6 |
| 2021-09-16 | CVE-2020-14130 | Exposure of Resource to Wrong Sphere vulnerability in MI Xiaomi Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | 5.0 |
| 2021-09-07 | CVE-2021-31610 | The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | 6.1 |
| 2021-04-08 | CVE-2020-14106 | Incorrect Authorization vulnerability in MI Miui The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | 4.3 |
| 2021-04-08 | CVE-2020-14103 | Unspecified vulnerability in MI Miui The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. network mi | 4.3 |
| 2021-04-08 | CVE-2020-14104 | Race Condition vulnerability in MI Ax3600 Firmware A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. | 6.8 |
| 2021-04-08 | CVE-2020-14099 | Use of Hard-coded Credentials vulnerability in MI Ax1800 Firmware and Rm1800 Firmware On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | 5.0 |
| 2021-01-13 | CVE-2020-14101 | Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The data collection SDK of the router web management interface caused the leakage of the token. | 5.0 |
| 2021-01-13 | CVE-2020-14098 | Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. | 5.0 |
| 2021-01-13 | CVE-2020-14097 | Unspecified vulnerability in MI Redmi AX6 Firmware Wrong nginx configuration, causing specific paths to be downloaded without authorization. | 5.0 |