Refine your search

1 vulnerability found for Xiaomi shop application by Xiaomi

CVE-2024-45354 (GCVE-0-2024-45354)
Vulnerability from cvelistv5
Published
2025-03-27 06:25
Modified
2025-03-27 13:37
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE
  • CWE-346 - Origin Validation Error
Summary
A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
References
Impacted products
Vendor Product Version
Xiaomi Xiaomi shop application Version: Xiaomi shop application 5.30.0.20241103.r1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T13:37:14.765741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T13:37:21.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Xiaomi shop application",
          "vendor": "Xiaomi",
          "versions": [
            {
              "status": "affected",
              "version": "Xiaomi shop application 5.30.0.20241103.r1"
            }
          ]
        }
      ],
      "datePublic": "2025-02-21T06:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.   \u003cbr\u003e"
            }
          ],
          "value": "A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-27T06:25:56.581Z",
        "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "shortName": "Xiaomi"
      },
      "references": [
        {
          "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=552"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "xiaomi shop application Webview has code execution vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
    "assignerShortName": "Xiaomi",
    "cveId": "CVE-2024-45354",
    "datePublished": "2025-03-27T06:25:56.581Z",
    "dateReserved": "2024-08-28T02:24:34.839Z",
    "dateUpdated": "2025-03-27T13:37:21.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}