What is CVE-2020-10262?

CVE-2020-10262 is a vulnerability on XIAOMI XIAOAI speaker Pro LX06 1.58.10 that allows attackers to activate failsafe mode and gain root shell access.

How can attackers exploit CVE-2020-10262?

Attackers can exploit CVE-2020-10262 by using the mi_console command with the SN code to obtain the root shell password.

What can an attacker do if they exploit CVE-2020-10262?

If an attacker exploits CVE-2020-10262, they can read Wi-Fi SSID or password.

What is the severity of CVE-2020-10262?

The severity of CVE-2020-10262 is high, with a severity value of 6.8 out of 10.

How do I fix CVE-2020-10262?

To fix CVE-2020-10262, update your XIAOMI XIAOAI speaker Pro LX06 firmware to version 1.58.11 or later.

Vulnerability/
CVE-2020-10262

high

7.2

8/4/2020

4/8/2024

CVE-2020-10262

First published: Wed Apr 08 2020(Updated: )

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware	=1.58.10
Mi Xiaomi Xiaoai Speaker Pro Lx06

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-10262?
CVE-2020-10262 is a vulnerability on XIAOMI XIAOAI speaker Pro LX06 1.58.10 that allows attackers to activate failsafe mode and gain root shell access.
How can attackers exploit CVE-2020-10262?
Attackers can exploit CVE-2020-10262 by using the mi_console command with the SN code to obtain the root shell password.
What can an attacker do if they exploit CVE-2020-10262?
If an attacker exploits CVE-2020-10262, they can read Wi-Fi SSID or password.
What is the severity of CVE-2020-10262?
The severity of CVE-2020-10262 is high, with a severity value of 6.8 out of 10.
How do I fix CVE-2020-10262?
To fix CVE-2020-10262, update your XIAOMI XIAOAI speaker Pro LX06 firmware to version 1.58.11 or later.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/description
agent/event
vendor/mi
canonical/mi xiaomi xiaoai speaker pro lx06 firmware
version/mi xiaomi xiaoai speaker pro lx06 firmware/1.58.10
canonical/mi xiaomi xiaoai speaker pro lx06

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.