Critical Vulnerability in Xiaomi’s Interoperability App Exposes Users to Unauthorized Access

A security vulnerability tracked as CVE-2024-45347 has been found in Xiaomi’s interoperability application, potentially putting millions of users at risk. Rated 9.6 on the CVSS scale, the flaw allows an attacker to bypass the app’s authentication checks and gain unauthorized access to devices running the affected version.


The root cause is a flaw in the app’s verification logic that lets an attacker circumvent the checks the app would normally enforce. Because the bypassed checks gate access to the device, a successful attack could lead to full compromise: access to sensitive data, installation of malware, or persistent access to the affected device.

Discovered by Liu Xiaofeng from Shandong University, the vulnerability affects Xiaomi’s Interconnection Application version 3.1.895.10. Users are urged to update to the patched version 3.1.921.10 immediately to mitigate risks.


While Xiaomi has not confirmed any active exploitation of this vulnerability, the severity of the flaw necessitates prompt action. The interoperability application is vital for seamless connectivity between Xiaomi devices and smart home products, highlighting the importance of security in the company’s ecosystem.

Xiaomi encourages security researchers to participate in their bug bounty program through MiSRC, reinforcing their commitment to user safety and proactive vulnerability management.