A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.