Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xiaomi AI speaker MDZ-25-DT 安全漏洞
Vulnerability Description
Xiaomi AI speaker MDZ-25-DT是中国小米科技(Xiaomi)公司的一款智能音箱设备。 XIAOMI AI speaker MDZ-25-DT 1.34.36版本和1.40.14版本中存在安全漏洞。攻击者可通过发送UART接口利用该漏洞获取root shell,读取Wi-Fi SSID或密码以及用户与XIAOMI AI话筒之间的对话文本文件,使用Text-To-Speech工具模仿XIAOMI话筒声音进行社会工程学攻击,监听用户并记录XIAOMI AI话筒声音,删除XIAOMI AI
CVSS Information
N/A
Vulnerability Type
N/A