CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45361 – Mi Connect Service APP protocol flaws lead to leaking sensitive user information
https://notcve.org/view.php?id=CVE-2024-45361
27 Mar 2025 — A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information. Existe una vulnerabilidad de protocolo en Xiaomi Mi Connect Service APP. Esta vulnerabilidad se debe a un fallo en la lógica de validación y puede ser explotada por atacantes para filtrar información confidencial del usuario. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=558 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45356 – Xiaomi phone framework has unauthorized access vulnerability
https://notcve.org/view.php?id=CVE-2024-45356
27 Mar 2025 — A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. Existe una vulnerabilidad de acceso no autorizado en el framework de teléfonos Xiaomi. Esta vulnerabilidad se debe a una validación incorrecta y puede ser explotada por atacantes para acceder a métodos confidenciales. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=554 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45355 – Xiaomi phone framework has unauthorized access vulnerability
https://notcve.org/view.php?id=CVE-2024-45355
27 Mar 2025 — A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=553 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45353 – quick App has intent redriction vulnerability
https://notcve.org/view.php?id=CVE-2024-45353
27 Mar 2025 — An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=551 • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45352 – Xiaomi smarthome application Webview has code execution vulnerability
https://notcve.org/view.php?id=CVE-2024-45352
27 Mar 2025 — An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45351 – Game center application has code execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45351
26 Mar 2025 — A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=549 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45348 – Xiaomi Router AX9000 has a post-authorization command injection vulnerability
https://notcve.org/view.php?id=CVE-2024-45348
23 Sep 2024 — Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. Xiaomi Router AX9000 tiene una vulnerabilidad de inyección de comandos posterior a la autorización. Esta vulnerabilidad se debe a la falta de validación de la entrada del usuario y un atacante puede aprovecharla para ejecutar código arbitrario. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26323 – Xiaomi App Market has a code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26323
28 Aug 2024 — A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. • https://trust.mi.com/misrc/bulletins/advisory?cveId=543 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26324 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26324
28 Aug 2024 — A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. • https://https://trust.mi.com/misrc/bulletins/advisory?cveId=544 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45346 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2024-45346
28 Aug 2024 — The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. • https://trust.mi.com/misrc/bulletins/advisory?cveId=545 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-287: Improper Authentication •