Platform: android
Component: xiaomi-mi-connect-service
Fixed version: 3.1.896
CVE-2024-45347 describes an unauthorized access vulnerability discovered in the Xiaomi Mi Connect Service application. This flaw allows attackers to bypass validation checks and potentially gain access to a victim's device without proper authorization. The vulnerability impacts versions 3.1.895.10–3.1.895.10 of the application, and a fix is available in version 3.1.896.
The impact of CVE-2024-45347 is significant because it allows unauthorized device access. An attacker exploiting this vulnerability could access sensitive data stored on the device, including personal information and contacts, and potentially control connected smart home devices managed through the Mi Connect Service. The scope of access would depend on the permissions granted to the Mi Connect Service application on the victim's device. Successful exploitation could lead to privacy breaches, data theft, and potentially even device compromise.
CVE-2024-45347 was published on 2025-06-23. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. Public proof-of-concept (POC) code is currently unavailable, but the severity suggests that attackers may actively seek to exploit this vulnerability. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Users who have not updated their Xiaomi Mi Connect Service application to version 3.1.896 or later are at risk. This includes users who have disabled automatic updates or are using older devices that may not be compatible with the latest version of the application. Individuals who rely on the Mi Connect Service to manage their smart home devices are particularly vulnerable.
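• android / app:
# Check the installed Mi Connect Service version
adb shell "dumpsys package com.xiaomi.smarthome | grep versionName"
• android / app:
# Check app permissions
adb shell "dumpsys package com.xiaomi.smarthome | grep permission"
• android / app:
# Check for suspicious network activity. netstat output carries no package
# names, so look up the app's UID and match it in the per-UID network statistics.
adb shell "dumpsys package com.xiaomi.smarthome | grep userId"
adb shell "dumpsys netstats | grep uid=<userId from the previous command>"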
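The version check above only prints a string; deciding whether it is below the fixed release needs a numeric, component-wise comparison, because 3.1.895.10 has more components than 3.1.896 yet is the older build. The following is an added example, not code from this advisory or from Xiaomi: the function names are hypothetical, the package name is the one used in this page's commands, and the sample `dumpsys` lines are constructed.

```shell
#!/bin/sh
FIXED_VERSION="3.1.896"             # fixed version stated on this page
PKG="${PKG:-com.xiaomi.smarthome}"  # package name as used in this page's commands

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components are compared numerically from the left; a missing component
# counts as 0 and any non-digit suffix on a component is ignored.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # versions are equal
}

# parse_version: print the first versionName in `dumpsys package` output on
# stdin, dropping the carriage returns some adb transports add.
parse_version() {
    tr -d '\r' | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# assess: read dumpsys output on stdin and print a verdict.
assess() {
    v=$(parse_version)
    if [ -z "$v" ]; then echo "not-installed"
    elif version_lt "$v" "$FIXED_VERSION"; then echo "vulnerable $v"
    else echo "patched $v"
    fi
}

# check_device: run the same assessment against a connected device (needs adb).
check_device() { adb shell dumpsys package "$PKG" | assess; }

# Constructed sample of the relevant dumpsys lines (not captured from a device).
SAMPLE='  Packages:
    versionCode=3189510 minSdk=26 targetSdk=33
    versionName=3.1.895.10'

printf '%s\n' "$SAMPLE" | assess    # → vulnerable 3.1.895.10
```

Call `check_device` with a device attached to get the verdict for the installed build.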
Exploit status
EPSS: 0.05% (17th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-45347 is to immediately upgrade the Xiaomi Mi Connect Service application to version 3.1.896 or later. Users should ensure automatic updates are enabled to receive the fix promptly. As a temporary workaround, users can restrict the permissions granted to the Mi Connect Service application to minimize the potential impact of a successful attack. Regularly review app permissions and revoke any unnecessary access.
Update the Mi Connect Service application to the latest version available in the app store. This will fix the unauthorized access vulnerability. See the Xiaomi security bulletin for more details.
CVE-2024-45347 is a CRITICAL vulnerability in Xiaomi Mi Connect Service allowing unauthorized access due to flawed validation logic. It affects versions 3.1.895.10–3.1.895.10.
You are affected if you are using Xiaomi Mi Connect Service version 3.1.895.10–3.1.895.10 and have not upgraded.
Upgrade Xiaomi Mi Connect Service to version 3.1.896 or later. Enable automatic updates to ensure you receive the fix promptly.
While no public exploits are currently available, the CRITICAL severity suggests a high likelihood of active exploitation.
Refer to the official Xiaomi security advisory for details and updates regarding CVE-2024-45347.