CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
85.2%
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user’s cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
Vendor | Product | Version | CPE |
---|---|---|---|
mi | stock_browser | 10.2.4g | cpe:2.3:a:mi:stock_browser:10.2.4g:*:*:*:*:*:*:* |
mi | redmi_7_firmware | - | cpe:2.3:o:mi:redmi_7_firmware:-:*:*:*:*:*:*:* |
mi | redmi_7 | - | cpe:2.3:h:mi:redmi_7:-:*:*:*:*:*:*:* |
mi | redmi_note_7_firmware | - | cpe:2.3:o:mi:redmi_note_7_firmware:-:*:*:*:*:*:*:* |
mi | redmi_note_7 | - | cpe:2.3:h:mi:redmi_note_7:-:*:*:*:*:*:*:* |
mi | redmi_note_6_pro_firmware | - | cpe:2.3:o:mi:redmi_note_6_pro_firmware:-:*:*:*:*:*:*:* |
mi | redmi_note_6_pro | - | cpe:2.3:h:mi:redmi_note_6_pro:-:*:*:*:*:*:*:* |
mi | redmi_6_firmware | - | cpe:2.3:o:mi:redmi_6_firmware:-:*:*:*:*:*:*:* |
mi | redmi_6 | - | cpe:2.3:h:mi:redmi_6:-:*:*:*:*:*:*:* |
mi | redmi_6a_firmware | - | cpe:2.3:o:mi:redmi_6a_firmware:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
85.2%