A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)

Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)

Advisory No: TZCERT/SA/2024/05/02-3

Date of First Release: 2nd May 2024

Source: Zero-Day Initiative

Software Affected: Xiaomi Pro 13

Overview:

Xiaomi Pro is vulnerable to three (3) critical vulnerabilities. The attackers can leverage the vulnerabilities to gain access to the affected smartphone.

Description:

The three vulnerabilities rated at 8.8 and tracked as CVE-2024-4406, CVE-2024-4405, and CVE-2023-26322 are affecting the Xiaomi Pro 13 smartphone. The flaws exist in integral-dialog-page.html file, manual-upgrade.html file and within the isUrlMatchLevel method leading to the injection of an arbitrary script. The attackers can exploit the vulnerability to execute codes in the context of the current user.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected smartphone.

Solution:

Xiaomi has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.zerodayinitiative.com/advisories/ZDI-24-419/
  2. https://www.zerodayinitiative.com/advisories/ZDI-24-418/
  3. https://www.zerodayinitiative.com/advisories/ZDI-24-417/

Check Also

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6 Date of First Release: 17th May 2024 Source: IBM Software Affected: IBM …