Sign-up

ID

VAR-202005-1083


TITLE

Xiaomi Mi Box memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-27287

DESCRIPTION

Xiaomi Mi Box is a Xiaomi set-top box application. There is a memory corruption vulnerability in Xiaomi Mi Box. An attacker can use this vulnerability to execute arbitrary code in the context of the currently logged in user, which may result in a denial of service condition.

Trust: 0.6

sources: CNVD: CNVD-2020-27287

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27287

AFFECTED PRODUCTS

vendor:xiaomimodel:mibox3scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-27287

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-27287
value: HIGH

Trust: 0.6

CNVD: CNVD-2020-27287
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-27287

EXTERNAL IDS

db:PACKETSTORMid:155482

Trust: 0.6

db:CNVDid:CNVD-2020-27287

Trust: 0.6

sources: CNVD: CNVD-2020-27287

REFERENCES

url:https://packetstormsecurity.com/files/155482/xiaomi-mi-box-display-corruption.html

Trust: 0.6

sources: CNVD: CNVD-2020-27287

SOURCES

db:CNVDid:CNVD-2020-27287

LAST UPDATE DATE

2022-05-17T01:46:20.424000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27287date:2020-05-09T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27287date:2020-05-09T00:00:00