CVE-2020-14114

{"id": "CVE-2020-14114", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-22T16:15:08.000", "references": [{"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277", "tags": ["Vendor Advisory"], "source": "security@xiaomi.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en la APP Xiaomi SmartHome. Esta vulnerabilidad es causada por las llamadas ilegales de algunas interfaces JS confidenciales, que pueden ser explotadas por los atacantes para filtrar informaci\u00f3n confidencial"}], "lastModified": "2022-07-28T16:03:31.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mi:smarthome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "201509DF-F2BF-4489-8B7F-9B77E950BE1C", "versionEndIncluding": "6.4.701"}], "operator": "OR"}]}], "sourceIdentifier": "security@xiaomi.com"}