CVE-2024-45347

Mi Connect Service APP protocol flaws lead to unauthorized access

CVSS 9.6 CRITICALEPSS 0.2%CWE-287

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Xiaomi · Xiaomi Mi Connect Service

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=548