CVE-2024-45361

MEDIUM

Xiaomi Mi Connect Service APP - Info Disclosure

Title source: llm

Description

A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.

References (1)

[Various Sources] https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=558

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 28.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

Xiaomi/Xiaomi Mi Connect Service Xiaomi Mi Connect Service3.1.895.10

Published Mar 27, 2025

Tracked Since Feb 18, 2026