CVE-2024-45347

CRITICAL

Xiaomi Mi Connect Service APP - Info Disclosure

Title source: llm
STIX 2.1

Description

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device.

References (1)

Core 1

Scores

CVSS v3 9.6
EPSS 0.0023
EPSS Percentile 13.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-287
Status published
Products (1)
Xiaomi/Xiaomi Mi Connect Service Xiaomi Mi Connect Service3.1.895.10
Published Jun 23, 2025
Tracked Since Feb 18, 2026