PT-2019-14467 · Xiaomi · Xiaomi Rtcgq01Lm+4
Hsuan-Yu
+3
·
Published
2019-12-20
·
Updated
2020-01-03
·
CVE-2019-15913
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Xiaomi DGNWG03LM version
Xiaomi ZNCZ03LM version
Xiaomi MCCGQ01LM version
Xiaomi WSDCGQ01LM version
Xiaomi RTCGQ01LM version
Description
The issue is related to insecure key transport in ZigBee communication. This allows attackers to gain sensitive information, launch denial of service attacks, take over smart home devices, and tamper with messages.
Recommendations
For Xiaomi DGNWG03LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi ZNCZ03LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi MCCGQ01LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi WSDCGQ01LM, update the device to a version that addresses the insecure key transport issue.
For Xiaomi RTCGQ01LM, update the device to a version that addresses the insecure key transport issue.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xiaomi Dgnwg03Lm
Xiaomi Mccgq01Lm
Xiaomi Rtcgq01Lm
Xiaomi Wsdcgq01Lm
Xiaomi Zncz03Lm