How severe is CVE-2020-10262?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-10262?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2020-10262

MEDIUM Year: 2020

CVSS v3 Score

6.8

Medium

CVSS v2 Score

7.2

High

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.

CVE-2012-1695

MEDIUM

CVSS:6.8(Medium)

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, int...

NVD-CWE-Other2012

CVE-2015-8262

MEDIUM

CVSS:6.8(Medium)

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof re...

NVD-CWE-Other2015

CVE-2015-8816

MEDIUM

CVSS:6.8(Medium)

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a d...

NVD-CWE-Other2015

CVE-2016-1285

MEDIUM

CVSS:6.8(Medium)

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (...

NVD-CWE-Other2016

CVE-2016-5304

MEDIUM

CVSS:6.8(Medium)

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites ...

NVD-CWE-Other2016

CVE-2016-8318

MEDIUM

CVSS:6.8(Medium)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exp...

NVD-CWE-Other2016

CVE-2020-10262

Vulnerability Description

Related Vulnerabilities

CVE-2012-1695

CVE-2015-8262

CVE-2015-8816

CVE-2016-1285

CVE-2016-5304

CVE-2016-8318