Mi Security Vulnerabilities (CVEs)
Track 20 security vulnerabilities affecting Mi products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This path traversal vulnerability in Xiaomi File Manager allows attackers to write arbitrary files to sensitive locations by manipulating file paths. ...
Aug 28, 2024
This vulnerability allows attackers to bypass verification logic in XiaomiGetApps, potentially leading to remote code execution. Users of Xiaomi devic...
Aug 28, 2024
This vulnerability allows attackers to bypass verification logic in XiaomiGetApps, potentially leading to remote code execution on affected devices. U...
Aug 28, 2024
Xiaomi AX9000 routers have a post-authentication command injection vulnerability that allows authenticated attackers to execute arbitrary commands wit...
Aug 26, 2024
This vulnerability allows attackers on the same wireless network to disrupt or hijack TCP connections by sending forged TCP RST packets to the Redmi r...
Jun 17, 2024
This is a cross-site scripting (XSS) vulnerability in Xiaomi Pro 13 smartphones that allows remote code execution. Attackers can inject malicious scri...
May 2, 2024
This CVE describes a command injection vulnerability in Xiaomi routers that allows attackers to execute arbitrary commands on the device. Attackers ca...
Oct 11, 2023
Xiaomi routers have a command injection vulnerability in their external interface due to insufficient input filtering. Attackers can exploit this by h...
Aug 2, 2023
CVE-2020-14140 is an unauthenticated API vulnerability in Xiaomi router firmware that allows attackers to retrieve WiFi passwords without authenticati...
Mar 29, 2023
This vulnerability in the Mi Sound APP allows attackers to exploit improperly secured JavaScript interfaces to access sensitive information. It affect...
Jul 22, 2022
This CVE describes a heap overflow vulnerability in certain Xiaomi phone models that allows remote attackers to cause denial of service. The vulnerabi...
Jul 14, 2022
CVE-2022-31277 is a replay attack vulnerability in Xiaomi Lamp 1 smart bulbs that allows attackers to capture and reuse authentication requests. This ...
Jun 16, 2022
This vulnerability in some Xiaomi devices allows attackers to achieve privilege escalation by exploiting insufficient parameter validation in third-pa...
Apr 21, 2022
This CVE describes a command injection vulnerability in Xiaomi Router AX3600 firmware that allows attackers to execute arbitrary code on affected devi...
Mar 10, 2022
A command injection vulnerability in Xiaomi Router AX3600 allows attackers to execute arbitrary code by exploiting insufficient input validation. This...
Mar 10, 2022
This vulnerability is a stack overflow in the HTTP server of Cast that can be exploited via LAN to cause application crashes. It affects Cast devices ...
Jan 18, 2022
This vulnerability allows remote attackers to execute arbitrary commands with administrator privileges on Xiaomi AX3600 routers. Attackers can exploit...
Sep 16, 2021
This vulnerability allows remote command injection in the meshd routing service on Xiaomi AX3600 routers, enabling attackers to execute arbitrary comm...
Sep 16, 2021
This vulnerability in Xiaomi routers allows attackers to decrypt backup files containing sensitive user information like passwords due to hard-coded e...
Apr 8, 2021
A memory overflow vulnerability in Xiaomi AI speaker firmware allows attackers to execute arbitrary code during OTA firmware verification. This affect...
Sep 11, 2020
Why Monitor Mi Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 20+ known vulnerabilities affecting Mi products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mi packages in under 60 seconds. No agents required - completely agentless scanning that works across Mi deployments.
Free vulnerability database: Access detailed information about every Mi CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Mi CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions