Xiaomi App Market Vulnerability Allows Arbitrary Code Execution
CVE-2023-26323

9.8CRITICAL

Key Information:

Vendor: Xiaomi
Status: App Market
Vendor: CVE Published:; 28 August 2024

What is CVE-2023-26323?

A vulnerability exists within the Xiaomi App Market that can allow attackers to exploit unsafe configuration settings. This flaw enables the execution of arbitrary code, posing significant security risks to users and their devices. Proper mitigation measures should be taken to address this vulnerability in the affected products to safeguard against potential exploitation.

Affected Version(s)

App Market 1.0.0 <= 4.57.4

References

https://trust.mi.com/misrc/bulletins/advisory?cveId=543

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2024
Vulnerability Reserved
Feb 22, 2023