Cyber Resilience

CVE-2024-45352

Severity: High

Published: 27 March 2025
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see the vendor advisory referenced below
CVSS Score (v3.1): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.0004 (12.0th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-45352 is a high-severity Origin Validation Error (CWE-346) vulnerability in the Xiaomi (Mi) smarthome application; the affected product is inferred from the references, since NVD did not file a CPE for this CVE. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 12.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-45352 is a code execution vulnerability in the Xiaomi smarthome application product. The issue stems from improper input validation, enabling attackers to execute malicious code. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-346. The vulnerability was published on 2025-03-27.

Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges required, though user interaction is necessary. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, allowing arbitrary code execution on the affected device.

For mitigation details, refer to the advisory at https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550.

Vulnerability details

A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.

CWE(s)

CWE-346 Origin Validation Error
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a remote code execution flaw in a client application (Xiaomi smarthome) due to improper input validation, directly enabling Exploitation for Client Execution (T1203) with user interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2790 (shared CWE-346)
CVE-2026-45207 (shared CWE-346)
CVE-2024-57965 (shared CWE-346)
CVE-2025-1102 (shared CWE-346)
CVE-2025-23023 (shared CWE-346)
CVE-2026-10010 (shared CWE-346)
CVE-2026-9989 (shared CWE-346)
CVE-2025-71217 (shared CWE-346)
CVE-2026-27192 (shared CWE-346)
CVE-2026-26861 (shared CWE-346)

Affected Assets

Mi (Xiaomi smarthome application): inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

SI-10 Information Input Validation (prevent)

Directly enforces input validation mechanisms to prevent arbitrary code execution stemming from improper input validation in the Xiaomi smarthome application.

SI-2 Flaw Remediation (prevent)

Requires identification, reporting, and timely remediation of flaws like CVE-2024-45352 through patching to eliminate the vulnerability.

SI-3 Malicious Code Protection (prevent, detect)

Deploys malicious code protection at entry points to scan for and block execution of malicious code exploited via the input validation flaw.

References

Xiaomi security advisory: https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550