Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2020-9531
HistoryMar 06, 2020 - 5:15 p.m.

CVE-2020-9531

2020-03-0617:15:12
mitre
web.nvd.nist.gov
59
xiaomi
miui
nfc
security issue
getapps
xiaomi miui v11.0.5.0.qfaeuxm
cve-2020-9531

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user’s unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122.

Affected configurations

Nvd
Node
mimiui_firmwareMatch11.0.5.0.qfaeuxm
AND
mimiuiMatch-
VendorProductVersionCPE
mimiui_firmware11.0.5.0.qfaeuxmcpe:2.3:o:mi:miui_firmware:11.0.5.0.qfaeuxm:*:*:*:*:*:*:*
mimiui-cpe:2.3:h:mi:miui:-:*:*:*:*:*:*:*

Related

zdi 2
nvd 1
cvelist 1
prion 1
zdi
zdi
(Pwn2Own) Xiaomi GetApps Intent Privilege Escalation Vulnerability
2020-03-12 00:00:00
(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability
2020-03-12 00:00:00
nvd
nvd
CVE-2020-9531
2020-03-06 17:15:12
cvelist
cvelist
CVE-2020-9531
2020-03-06 16:49:42
prion
prion
Design/Logic Flaw
2020-03-06 17:15:00

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON
Related for CVE-2020-9531
zdi2nvd1cvelist1prion1