Xiaomi · Xiaomi Xiaoai Speaker Pro Lx06 · CVE-2020-10262
**Name of the Vulnerable Software and Affected Versions**
XIAOMI XIAOAI speaker Pro LX06 version 1.58.10
**Description**
An issue was discovered in XIAOMI XIAOAI speaker Pro LX06 version 1.58.10. An attacker can activate the failsafe mode during the boot process and issue the `mi console` command chained with the device's `SN` code to obtain the root shell password. With a root shell, the attacker can read the Wi-Fi SSID and password, read the dialogue text files exchanged between users and the device, use the Text-To-Speech tools to impersonate the device's voice in social engineering attacks, eavesdrop on users by recording what the device hears, modify system files, send IR codes through the IR emitter, stop the voice assistant service, enable the SSH or TELNET service as a backdoor, and tamper with the router configuration on the local area network.
**Recommendations**
For XIAOMI XIAOAI speaker Pro LX06 version 1.58.10, as a temporary workaround, consider disabling the `mi console` command and restricting access to the device's SN code, since both are required to obtain the root shell password. Additionally, restrict access to the IR emitter and the voice assistant service until a patch is available. Avoid using the device's Text-To-Speech tools and do not rely on the device's voice for sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.