EUVD-2024-54694

CVE-2024-45347 | CRITICAL
Published 2025-06-23 by [email protected]
CVSS 3.1 base score: 9.6

CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 22:10 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:10 (euvd), EUVD-2024-54694
CVE Published: Jun 23, 2025 - 10:15 (nvd), CRITICAL 9.6

Description (NVD)

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by flawed validation logic and can be exploited by attackers to gain unauthorized access to the victim's device.

Analysis (AI)

CVE-2024-45347 is a critical authentication bypass vulnerability in the Xiaomi Mi Connect Service APP. Flawed validation logic allows an unauthenticated attacker on the same network segment to gain unauthorized access to a victim's device with full compromise of confidentiality, integrity, and availability. With a CVSS score of 9.6 and a vector indicating adjacent network access with no privileges or user interaction required, the vulnerability poses a severe risk to Xiaomi device users, particularly in shared network environments (corporate WiFi, home networks, public hotspots).

Technical Context (AI)

The vulnerability exists in the Xiaomi Mi Connect Service application, a proprietary service component responsible for device authentication and access control. The root cause (CWE-287: Improper Authentication) is inadequate validation of authentication credentials or session tokens within the service's access control logic. The service likely fails to properly verify client identity before granting access to sensitive device functions and data, potentially over the network-adjacent communication protocols it uses. The flaw suggests the validation mechanism either skips critical authentication checks, implements weak token validation, or mishandles edge cases in the authentication workflow. A CPE identifier would typically take the form cpe:2.3:a:xiaomi:mi_connect_service:*:*:*:*:*:android:*:* or similar, covering the Android application ecosystem.

Remediation (AI)

Immediate actions:

1. Apply the security patch when available from Xiaomi; monitor Xiaomi Security Advisories and device system updates.
2. Interim mitigation: disable Mi Connect Service if it is not actively required, revoke device access tokens, and segregate Xiaomi devices on isolated VLANs on enterprise networks.
3. Network-level mitigation: restrict network access to Mi Connect Service ports and protocols at firewall boundaries, and disable adjacent-network communication if the application permits.
4. User-level mitigation: avoid connecting to untrusted WiFi networks until patched, and use a VPN to encrypt adjacent-network traffic.

Patch version details should be confirmed via official Xiaomi security advisories once released.

EUVD-2024-54694 vulnerability details – vuln.today