Unauthorized Access Flaw in Xiaomi Mi Connect Service APP
CVE-2024-45347

9.6 CRITICAL

Key Information:

Vendor: Xiaomi

CVE Published: 23 June 2025

What is CVE-2024-45347?

The Xiaomi Mi Connect Service APP has a vulnerability that arises from flawed validation logic, allowing attackers to gain unauthorized access to users' devices. This loophole can be exploited to interact with the device without proper authorization, posing a significant risk to user data and privacy. Users are advised to take precautions and ensure their app versions are updated to mitigate potential threats.

Affected Version(s)

Xiaomi Mi Connect Service 3.1.895.10

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
