CVE-2018-20523
Xiaomi browser 10.2.4.g - Browser Search History Disclosure
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
Xiaomi stock Browser versión 10.2.4.g en dispositivos Xiaomi Redmi Note 5 Pro y otros teléfonos Redmi Android, permite inyección en el proveedor de contenido. En otras palabras, una aplicación de terceros puede leer el historial del explorador del usuario en texto sin cifrar mediante una petición app.provider.query content://com.android.browser.searchhistory/searchhistory.
Xiaomi browser version 10.2.4.g suffers from a browser search history disclosure vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-27 CVE Reserved
- 2019-06-07 CVE Published
- 2021-08-10 First Exploit
- 2024-08-05 CVE Updated
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://sec.xiaomi.com | 2022-04-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mi Search vendor "Mi" | Redmi 7 Firmware Search vendor "Mi" for product "Redmi 7 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 7 Search vendor "Mi" for product "Redmi 7" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 7 Firmware Search vendor "Mi" for product "Redmi Note 7 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 7 Search vendor "Mi" for product "Redmi Note 7" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 6 Pro Firmware Search vendor "Mi" for product "Redmi Note 6 Pro Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 6 Pro Search vendor "Mi" for product "Redmi Note 6 Pro" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi 6 Firmware Search vendor "Mi" for product "Redmi 6 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 6 Search vendor "Mi" for product "Redmi 6" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi 6a Firmware Search vendor "Mi" for product "Redmi 6a Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 6a Search vendor "Mi" for product "Redmi 6a" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi S2 Firmware Search vendor "Mi" for product "Redmi S2 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi S2 Search vendor "Mi" for product "Redmi S2" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 5 Pro Firmware Search vendor "Mi" for product "Redmi Note 5 Pro Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 5 Pro Search vendor "Mi" for product "Redmi Note 5 Pro" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi K20 Pro Firmware Search vendor "Mi" for product "Redmi K20 Pro Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi K20 Pro Search vendor "Mi" for product "Redmi K20 Pro" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi K20 Firmware Search vendor "Mi" for product "Redmi K20 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi K20 Search vendor "Mi" for product "Redmi K20" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi 7a Firmware Search vendor "Mi" for product "Redmi 7a Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 7a Search vendor "Mi" for product "Redmi 7a" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Go Firmware Search vendor "Mi" for product "Redmi Go Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Go Search vendor "Mi" for product "Redmi Go" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 5 Firmware Search vendor "Mi" for product "Redmi Note 5 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 5 Search vendor "Mi" for product "Redmi Note 5" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Y3 Firmware Search vendor "Mi" for product "Redmi Y3 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Y3 Search vendor "Mi" for product "Redmi Y3" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 7s Firmware Search vendor "Mi" for product "Redmi Note 7s Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 7s Search vendor "Mi" for product "Redmi Note 7s" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi S2 Firmware Search vendor "Mi" for product "Redmi S2 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi S2 Search vendor "Mi" for product "Redmi S2" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi 4a Firmware Search vendor "Mi" for product "Redmi 4a Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 4a Search vendor "Mi" for product "Redmi 4a" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 4 Firmware Search vendor "Mi" for product "Redmi Note 4 Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 4 Search vendor "Mi" for product "Redmi Note 4" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi 5 Plus Firmware Search vendor "Mi" for product "Redmi 5 Plus Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 5 Plus Search vendor "Mi" for product "Redmi 5 Plus" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi Note 5a Prime Firmware Search vendor "Mi" for product "Redmi Note 5a Prime Firmware" | - | - |
Affected
| in | Mi Search vendor "Mi" | Redmi Note 5a Prime Search vendor "Mi" for product "Redmi Note 5a Prime" | - | - |
Safe
|
| Mi Search vendor "Mi" | Stock Browser Search vendor "Mi" for product "Stock Browser" | 10.2.4g Search vendor "Mi" for product "Stock Browser" and version "10.2.4g" | - |
Affected
| ||||||