Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP responses to the Captive Portal. A crafted HTML response can cause the Captive Portal to to open a browser to a specified location without user interaction. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7467.
CVSS Information
N/A
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Xiaomi Mi6 Browser 安全漏洞
Vulnerability Description
Xiaomi Mi6 Browser是中国小米科技(Xiaomi)公司的一款Web浏览器。 Xiaomi Mi6 Browser 10.4.0之前版本中存在安全漏洞。攻击者可借助特制的HTML响应利用该漏洞绕过授权。
CVSS Information
N/A
Vulnerability Type
N/A