Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NMi Xiaomi
APPMi< 3.0.210809
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2020-14129CRITICAL9.8ten sam produkt
A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification fail...
CVE-2020-14131CRITICAL9.8ten sam produkt
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcom...
CVE-2024-4406CRITICAL9.6PL ✓ten sam vendor
XSS umożliwiający RCE w aplikacji GetApps na Xiaomi 13 Pro
CVE-2024-4405CRITICAL9.6PL ✓ten sam vendor
XSS umożliwiający RCE w Xiaomi 13 Pro — plik manual-upgrade.html
CVE-2020-14115CRITICAL9.8ten sam vendor
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of...