CVE-2020-14126 - Vulnerability Details

Vendors	Products
Mi	Sound

Link	Providers
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Mi Sound APP", "vendor": "n/a", "versions": [{"status": "affected", "version": "Mi Sound APP <=2.2.40"}]}], "descriptions": [{"lang": "en", "value": "Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."}], "problemTypes": [{"descriptions": [{"description": "Information leakage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-22T15:30:39", "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xiaomi.com", "ID": "CVE-2020-14126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mi Sound APP", "version": {"version_data": [{"version_value": "Mi Sound APP <=2.2.40"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information leakage"}]}]}, "references": {"reference_data": [{"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278", "refsource": "MISC", "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:35.966Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"}]}]}, "cveMetadata": {"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "assignerShortName": "Xiaomi", "cveId": "CVE-2020-14126", "datePublished": "2022-07-22T15:30:39", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Mi Sound APP (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Mi Sound APP <=2.2.40 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information leakage (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-07-22T15:30:39 (string)

orgId : b57733aa-7326-4f07-8e09-0be8e0df1909 (string)

shortName : Xiaomi (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@xiaomi.com (string)

ID : CVE-2020-14126 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Mi Sound APP (string)

version : { »

version_data : [ »

0 : { »

version_value : Mi Sound APP <=2.2.40 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information leakage (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278 (string)

refsource : MISC (string)

url : https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T12:39:35.966Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : b57733aa-7326-4f07-8e09-0be8e0df1909 (string)

assignerShortName : Xiaomi (string)

cveId : CVE-2020-14126 (string)

datePublished : 2022-07-22T15:30:39 (string)

dateReserved : 2020-06-15T00:00:00 (string)

dateUpdated : 2024-08-04T12:39:35.966Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mi:sound:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8CF7110-EC86-40B9-9DED-B3C537887A64", "versionEndIncluding": "2.2.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en la APP Mi Sound. Esta vulnerabilidad es causada por las llamadas ilegales de algunas interfaces JS confidenciales, que pueden ser explotadas por los atacantes para filtrar informaci\u00f3n confidencial"}], "id": "CVE-2020-14126", "lastModified": "2024-11-21T05:02:42.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-22T16:15:08.123", "references": [{"source": "security@xiaomi.com", "tags": ["Vendor Advisory"], "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mi:sound:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E8CF7110-EC86-40B9-9DED-B3C537887A64 (string)

versionEndIncluding : 2.2.40 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. (string)

}

1 : { »

lang : es (string)

value : Se presenta una vulnerabilidad de filtrado de información en la APP Mi Sound. Esta vulnerabilidad es causada por las llamadas ilegales de algunas interfaces JS confidenciales, que pueden ser explotadas por los atacantes para filtrar información confidencial (string)

}

]

id : CVE-2020-14126 (string)

lastModified : 2024-11-21T05:02:42.743 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-07-22T16:15:08.123 (string)

references : [ »

0 : { »

source : security@xiaomi.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278 (string)

}

]

sourceIdentifier : security@xiaomi.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object