PT-2019-14467 · Xiaomi · Xiaomi Rtcgq01Lm+4
Hsuan-Yu
+3
·
Publicado
2019-12-20
·
Atualizado
2020-01-03
·
CVE-2019-15913
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Xiaomi DGNWG03LM version
Xiaomi ZNCZ03LM version
Xiaomi MCCGQ01LM version
Xiaomi WSDCGQ01LM version
Xiaomi RTCGQ01LM version
Description
The issue is related to insecure key transport in ZigBee communication. This allows attackers to gain sensitive information, launch denial of service attacks, take over smart home devices, and tamper with messages.
Recommendations
For Xiaomi DGNWG03LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi ZNCZ03LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi MCCGQ01LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi WSDCGQ01LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi RTCGQ01LM, update the device to a version that addresses the insecure key transport issue.
Exploit
Correção
IDOR
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Xiaomi Dgnwg03Lm
Xiaomi Mccgq01Lm
Xiaomi Rtcgq01Lm
Xiaomi Wsdcgq01Lm
Xiaomi Zncz03Lm