Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Xiaomi — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting Xiaomi. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xiaomi operates primarily as a consumer electronics manufacturer, producing smartphones, IoT devices, and smart home appliances that form the backbone of its ecosystem. Security audits have identified twenty-six Common Vulnerabilities and Exposures (CVEs) associated with its software and hardware platforms. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insecure default configurations or insufficient input validation in embedded systems. While the company has faced scrutiny over data privacy practices and occasional firmware updates that introduce regressions, no single catastrophic breach has defined its public security history. Instead, the risk profile is characterized by a high volume of minor, patchable issues across a vast device array. This pattern necessitates rigorous, continuous patch management for users to mitigate the cumulative attack surface presented by interconnected smart devices and mobile operating systems.

Top products by Xiaomi: Xiaomi router Browser GetApps application Xiaomi router R3600 Pro 13 Xiaomi Mi Connect Service Router AX9000 App Market Xiaomi File Manager App International Version Xiaomi Router AX9000 Game center application Xiaomi smarthome application quick app framework Xiaomi shop application Xiaomi phone framework Xiaomi phone framework has unauthorized access vulnerability
CVE IDTitleCVSSSeverityPublished
CVE-2024-45347 Mi Connect Service APP protocol flaws lead to unauthorized access — Xiaomi Mi Connect ServiceCWE-287 9.6 Critical2025-06-23
CVE-2024-45361 Mi Connect Service APP protocol flaws lead to leaking sensitive user information — Xiaomi Mi Connect ServiceCWE-319 6.5 Medium2025-03-27
CVE-2024-45356 Xiaomi phone framework has unauthorized access vulnerability — Xiaomi phone framework has unauthorized access vulnerabilityCWE-306 7.3 High2025-03-27
CVE-2024-45355 Xiaomi phone framework has unauthorized access vulnerability — Xiaomi phone frameworkCWE-306 5.5 Medium2025-03-27
CVE-2024-45354 xiaomi shop application Webview has code execution vulnerability — Xiaomi shop applicationCWE-346 4.3 Medium2025-03-27
CVE-2024-45353 quick App has intent redriction vulnerability — quick app frameworkCWE-346 4.3 Medium2025-03-27
CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability — Xiaomi smarthome applicationCWE-346 8.8 High2025-03-27
CVE-2024-45351 Game center application has code execution Vulnerability — Game center applicationCWE-1284 7.8 High2025-03-26
CVE-2024-45348 Xiaomi Router AX9000 has a post-authorization command injection vulnerability — Xiaomi Router AX9000CWE-77 6.4 Medium2024-09-23
CVE-2023-26322 GetApps application has code execution vulnerability — GetApps application 8.8 High2024-08-28
CVE-2023-26323 Xiaomi App Market has a code execution vulnerability — App Market 7.6 High2024-08-28
CVE-2023-26321 The international version of Xiaomi File Manager has a path traversal vulnerability — Xiaomi File Manager App International Version 6.3 Medium2024-08-28
CVE-2023-26324 GetApps application has code execution vulnerability — GetApps application 8.8 High2024-08-28
CVE-2024-45346 GetApps application has code execution vulnerability — GetApps applicationCWE-287 8.8 High2024-08-28
CVE-2023-26315 Xiaomi router has a command injection vulnerability after authorization — Router AX9000CWE-78 6.5 Medium2024-08-26
CVE-2024-4406 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability — Pro 13CWE-79 9.6 -2024-05-02
CVE-2024-4405 Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability — Pro 13CWE-79 9.6 -2024-05-02
CVE-2023-26320 Xiaomi Router external request interface vulnerability leads to stack overflow — Xiaomi RouterCWE-120 7.5 High2023-10-11
CVE-2023-26319 Xiaomi Router administration interface vulnerability leads command injection and stack overflow — Xiaomi RouterCWE-120 6.7 Medium2023-10-11
CVE-2023-26318 Xiaomi router web interface post-authorization stack overflow — Xiaomi RouterCWE-120 6.7 Medium2023-10-11
CVE-2023-26317 Xiaomi router external request interface has command injection — Xiaomi routerCWE-78 7.0 High2023-08-02
CVE-2020-14094 Xiaomi R3600 注入漏洞 — Xiaomi router R3600 9.8 -2020-06-24
CVE-2020-14095 Xiaomi R3600 注入漏洞 — Xiaomi router R3600 9.8 -2020-06-24
CVE-2019-13321 Xiaomi Mi6 Browser 安全漏洞 — BrowserCWE-732 8.0 -2020-02-10
CVE-2019-13322 Xiaomi Mi6 Browser 输入验证错误漏洞 — BrowserCWE-356 8.8 -2020-02-10
CVE-2019-6743 Xiaomi Mi6 Browser 缓冲区错误漏洞 — BrowserCWE-787 8.8 -2019-06-03

This page lists every published CVE security advisory associated with Xiaomi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.