Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Xiaomi smarthome application by Xiaomi

    CVE-2024-45352 (GCVE-0-2024-45352)

    Vulnerability from nvd – Published: 2025-03-27 02:02 – Updated: 2025-03-27 13:44
    VLAI
    Title
    Xiaomi smarthome application Webview has code execution vulnerability
    Summary
    An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    Impacted products
    Vendor Product Version
    Xiaomi Xiaomi smarthome application Affected: Xiaomi smarthome application 10.0.623
    Create a notification for this product.
    Date Public
    2025-02-21 01:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T13:44:28.162270Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T13:44:35.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Xiaomi smarthome application",
              "vendor": "Xiaomi",
              "versions": [
                {
                  "status": "affected",
                  "version": "Xiaomi smarthome application 10.0.623"
                }
              ]
            }
          ],
          "datePublic": "2025-02-21T01:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.  \u0026nbsp; \u003cbr\u003e"
                }
              ],
              "value": "An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-27T02:03:13.737Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Xiaomi smarthome application Webview has code execution vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2024-45352",
        "datePublished": "2025-03-27T02:02:34.511Z",
        "dateReserved": "2024-08-28T02:24:34.839Z",
        "dateUpdated": "2025-03-27T13:44:35.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45352 (GCVE-0-2024-45352)

    Vulnerability from cvelistv5 – Published: 2025-03-27 02:02 – Updated: 2025-03-27 13:44
    VLAI
    Title
    Xiaomi smarthome application Webview has code execution vulnerability
    Summary
    An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    Impacted products
    Vendor Product Version
    Xiaomi Xiaomi smarthome application Affected: Xiaomi smarthome application 10.0.623
    Create a notification for this product.
    Date Public
    2025-02-21 01:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T13:44:28.162270Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T13:44:35.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Xiaomi smarthome application",
              "vendor": "Xiaomi",
              "versions": [
                {
                  "status": "affected",
                  "version": "Xiaomi smarthome application 10.0.623"
                }
              ]
            }
          ],
          "datePublic": "2025-02-21T01:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.  \u0026nbsp; \u003cbr\u003e"
                }
              ],
              "value": "An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-27T02:03:13.737Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Xiaomi smarthome application Webview has code execution vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2024-45352",
        "datePublished": "2025-03-27T02:02:34.511Z",
        "dateReserved": "2024-08-28T02:24:34.839Z",
        "dateUpdated": "2025-03-27T13:44:35.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }