CVE-2019-12500

Name of the Vulnerable Software and Affected Versions Xiaomi M365 scooter versions prior to 1.5.1

Description The issue allows spoofing of commands, including "suddenly accelerate", due to the lack of server-side authentication check for Bluetooth Low Energy commands. Other affected commands include suddenly braking, locking, and unlocking.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting Bluetooth Low Energy connections to trusted devices until a patch is applied.