# OSINT Post — @androidmalware msg 2861

*Tuesday, March 17, 2026 at 10:19 AM UTC — Hamer Intelligence Services Desk*

**Posted**: 2026-03-17T10:19:10.000Z (2mo ago)
**Fetched**: 2026-03-21T21:32:21.739Z (2mo ago)
**Views**: 6
**Media**: video
**Link**: https://t.me/androidMalware/2861
**Permalink**: https://hamerintel.com/data/posts/2273.md
**Source**: https://hamerintel.com/sources

---

Analysis of RCE of Xiaomi C400 camera by exploiting Vulnerability #1 and #3 combined together. Vulnerabilities are not patched!Vulnerability #1: Xiaomi - miIO Protocol Authentication BypassVulnerability #2: Xiaomi - miIO client cryptographically weak PRNGVulnerability #3: miIO client heap buffer overflowAnalysis: https://labs.taszk.io/articles/post/nowyouseemi/Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn