ID

VAR-201909-1085


CVE

CVE-2019-15843


TITLE

Vulnerability in Xiaomi Millet mobile phones related to unrestricted upload of dangerous file types

Trust: 0.8

sources: JVNDB: JVNDB-2019-009432

DESCRIPTION

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. Xiaomi mobile phones are smartphones produced by Xiaomi Information Technology Co., Ltd. An attacker can exploit this vulnerability to write files or read privileged data. There are code issue vulnerabilities in several Xiaomi phones.

Trust: 2.25

sources: NVD: CVE-2019-15843 // JVNDB: JVNDB-2019-009432 // CNVD: CNVD-2025-06303 // VULHUB: VHN-147930

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-06303

AFFECTED PRODUCTS

vendor: mi
model: xiaomi millet
scope: eq
version: 1-6.3.9.3

Trust: 1.6

vendor: xiaomi
model: millet
scope: eq
version: 1-6.3.9.3

Trust: 0.8

vendor: xiaomi
model: millet mobile phones
scope: eq
version: 1-6.3.9.3

Trust: 0.6

sources: CNVD: CNVD-2025-06303 // JVNDB: JVNDB-2019-009432 // CNNVD: CNNVD-201909-868 // NVD: CVE-2019-15843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15843
value: HIGH

Trust: 1.0

NVD: CVE-2019-15843
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-06303
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-868
value: HIGH

Trust: 0.6

VULHUB: VHN-147930
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15843
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2025-06303
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-147930
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15843
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-15843
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-06303 // VULHUB: VHN-147930 // JVNDB: JVNDB-2019-009432 // CNNVD: CNNVD-201909-868 // NVD: CVE-2019-15843

PROBLEMTYPE DATA

problemtype: CWE-434

Trust: 1.9

sources: VULHUB: VHN-147930 // JVNDB: JVNDB-2019-009432 // NVD: CVE-2019-15843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-868

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-868

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009432

PATCH

title: CVE-2019-15843
url: https://sec.xiaomi.com/post/152

Trust: 0.8

title: Patch for Xiaomi Millet mobile phones have a file upload vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/674566

Trust: 0.6

title: Multiple Xiaomi Fixes for mobile code problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98394

Trust: 0.6

sources: CNVD: CNVD-2025-06303 // JVNDB: JVNDB-2019-009432 // CNNVD: CNNVD-201909-868

EXTERNAL IDS

db: NVD, id: CVE-2019-15843

Trust: 3.1

db: JVNDB, id: JVNDB-2019-009432

Trust: 0.8

db: CNNVD, id: CNNVD-201909-868

Trust: 0.7

db: CNVD, id: CNVD-2025-06303

Trust: 0.6

db: VULHUB, id: VHN-147930

Trust: 0.1

sources: CNVD: CNVD-2025-06303 // VULHUB: VHN-147930 // JVNDB: JVNDB-2019-009432 // CNNVD: CNNVD-201909-868 // NVD: CVE-2019-15843

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-15843

Trust: 2.0

url: https://sec.xiaomi.com/post/152

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15843

Trust: 0.8

sources: CNVD: CNVD-2025-06303 // VULHUB: VHN-147930 // JVNDB: JVNDB-2019-009432 // CNNVD: CNNVD-201909-868 // NVD: CVE-2019-15843

SOURCES

db: CNVD, id: CNVD-2025-06303
db: VULHUB, id: VHN-147930
db: JVNDB, id: JVNDB-2019-009432
db: CNNVD, id: CNNVD-201909-868
db: NVD, id: CVE-2019-15843

LAST UPDATE DATE

2025-04-03T22:32:04.030000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-06303, date: 2025-04-02T00:00:00
db: VULHUB, id: VHN-147930, date: 2019-09-20T00:00:00
db: JVNDB, id: JVNDB-2019-009432, date: 2019-09-20T00:00:00
db: CNNVD, id: CNNVD-201909-868, date: 2019-09-30T00:00:00
db: NVD, id: CVE-2019-15843, date: 2024-11-21T04:29:35.703

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-06303, date: 2025-04-02T00:00:00
db: VULHUB, id: VHN-147930, date: 2019-09-18T00:00:00
db: JVNDB, id: JVNDB-2019-009432, date: 2019-09-20T00:00:00
db: CNNVD, id: CNNVD-201909-868, date: 2019-09-18T00:00:00
db: NVD, id: CVE-2019-15843, date: 2019-09-18T15:15:10.487