23 matches found
EUVD-2020-6255
Malware in sbrugna...
EUVD-2020-29824
Malware in sbrugna...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker is verifying a malicious firmware during the OTA process...
CVE-2020-8994
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36 and 1.40.14. Attackers can get a root shell by accessing the UART interface, and then they can read the Wi-Fi SSID or password, read the dialogue text files between users and the XIAOMI AI speaker, use Text-To-Speech tools to pretend XIAOMI...
Xiaomi AI speaker Rom buffer overflow vulnerability
Xiaomi AI speaker Rom is a smart speaker device from Chinese company Xiaomi. A buffer overflow vulnerability exists in versions prior to Xiaomi AI speaker Rom 1.59.6, which originates from a memory overflow during the OTA process that can be exploited by an attacker to validate malicious firmware...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker is verifying a malicious firmware during the OTA process...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker is verifying a malicious firmware during the OTA process...
Design/Logic Flaw
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker is verifying a malicious firmware during the OTA process...
CVE-2020-14096
The provided connected documents describe a memory overflow in Xiaomi AI speaker Rom versions older than 1.59.6 that can occur when verifying a malicious firmware during OTA. The vulnerability is rated CRITICAL (CVSSv3.1: 9.8) and affects the OTA verification path; explo...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker is verifying a malicious firmware during the OTA process...
Xiaomi Xiao AI Speaker Pro LX06 Input Validation Error Vulnerability
The Xiaomi Xiao AI Speaker Pro LX06 is a smart speaker from Chinese company Xiaomi Technology. An input validation error vulnerability exists in Xiaomi Xiao AI Speaker Pro LX06 version 1.52.4. The vulnerability can be exploited to obtain a root shell by accessing the UART interface, which...
Xiaomi Xiao AI Speaker Pro LX06 Input Validation Error Vulnerability
Xiaomi Xiao AI Speaker Pro LX06 is a smart speaker from Chinese company Xiaomi Technology. An input validation error vulnerability exists in the Xiaomi Xiao AI Speaker Pro LX06 version 1.58.10. The vulnerability can be exploited by activating failsafe mode and using the miconsole command t...
CVE-2020-8994
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36 and 1.40.14. Attackers can get a root shell by accessing the UART interface, and then they can read the Wi-Fi SSID or password, read the dialogue text files between users and the XIAOMI AI speaker, use Text-To-Speech tools to pretend XIAOMI...
Design/Logic Flaw
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36 and 1.40.14. Attackers can get a root shell by accessing the UART interface, and then they can read the Wi-Fi SSID or password, read the dialogue text files between users and the XIAOMI AI speaker, use Text-To-Speech tools to pretend XIAOMI...
CVE-2020-8994
The CVE-2020-8994 entry concerns Xiaomi AI Speaker MDZ-25-DT (firmware versions 1.34.36 and 1.40.14). A physical-access flaw allows an attacker to obtain a root shell by interfacing with UART, enabling reading of the Wi‑Fi SSID/password and dialogue text files, and using Text‑To‑Speech to imperso...
CVE-2020-8994
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36 and 1.40.14. Attackers can get a root shell by accessing the UART interface, and then they can read the Wi-Fi SSID or password, read the dialogue text files between users and the XIAOMI AI speaker, use Text-To-Speech tools to pretend XIAOMI...
Heap corruption vulnerability in Xiaomi AI Speaker-mDNS service
Xiaomi AI Speaker is a smart speaker product from Xiaomi. A heap corruption vulnerability exists in the Xiaomi AI Speaker-mDNS service. The vulnerability is due to an insufficiently strict boundary check when the service parses request messages, resulting in the arbitrary write o...
Xiaomi AI Speaker-mDNS service suffers from denial of service vulnerability
Xiaomi AI Speaker is a smart speaker product from Xiaomi. A denial of service vulnerability exists in the Xiaomi AI Speaker-mDNS service. The vulnerability is caused by the service failing to adequately identify malformed messages when parsing request messages, causing the parsing thread...
Improper access control
Yeelight Smart AI Speaker 3.3.100074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user...
CVE-2018-20007
Yeelight Smart AI Speaker 3.3.100074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user...