Unknown
CVE-2018-20523
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2018-20523
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user’s cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- redmi 4a firmware -,
- redmi 5 plus firmware -,
- redmi 6 firmware -,
- redmi 6a firmware -,
- redmi 7 firmware -,
- redmi 7a firmware -,
- redmi go firmware -,
- redmi k20 firmware -,
- redmi k20 pro firmware -,
- redmi note 4 firmware -,
- redmi note 5 firmware -,
- redmi note 5 pro firmware -,
- redmi note 5a prime firmware -,
- redmi note 6 pro firmware -,
- redmi note 7 firmware -,
- redmi note 7s firmware -,
- redmi s2 firmware -,
- redmi y3 firmware -,
- stock browser 10.2.4g
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
