CVE-2024-45361

Summary

A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.

Affected Software

VendorProductVersion RangeStatus
XiaomiXiaomi Mi Connect ServiceXiaomi Mi Connect Service3.1.895.10affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References