CVE-2023-26323

HIGH

Xiaomi App Market 4.57.4-4.58.2 - Remote Code Execution via Unsafe Configuration

Title source: llm

Description

A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.

References (1)

Core 1

Core References

Vendor Advisory

https://trust.mi.com/misrc/bulletins/advisory?cveId=543

Scores

CVSS v3 7.6

EPSS 0.0059

EPSS Percentile 43.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-95

Status published

Products (1)

mi/app_market 4.57.4 - 4.58.2

Published Aug 28, 2024

Tracked Since Feb 18, 2026