CVE-2020-14114

HIGH

7.5

CVSS Severity Score

EPSS Score0.0780%

EPSS Percentile18.66th

Published2022年7月22日

Last Modified2024年11月21日

Vulnerability Description

information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.

Affected Platforms (CPE)

📦

Smarthome

<= 6.4.701

References & Advisories

🔗 https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277

関連する脆弱性情報

CVE-2019-1106310.0

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an...

CVE-2020-95509.8

Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to snif...

CVE-2017-27047.5

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentC...

CVE-2021-266387.3

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information expo...