Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)

Imechapishwa: May 03, 2024 06:36

Advisory No: TZCERT/SA/2024/05/02-3

Source: Zero-Day Initiative

Software Affected: Xiaomi Pro 13

Overview

Xiaomi Pro is vulnerable to three (3) critical vulnerabilities. The attackers can leverage the vulnerabilities to gain access to the affected smartphone.

Description

The three vulnerabilities rated at 8.8 and tracked as CVE-2024-4406, CVE-2024-4405, and CVE-2023-26322 are affecting the Xiaomi Pro 13 smartphone. The flaws exist in integral-dialog-page.html file, manual-upgrade.html file and within the isUrlMatchLevel method leading to the injection of an arbitrary script. The attackers can exploit the vulnerability to execute codes in the context of the current user.

Impact

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected smartphone.

Solution

Xiaomi has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Ripoti Tukio