ID

VAR-201912-1500


CVE

CVE-2019-15913


TITLE

Authentication bypass by user-controlled key vulnerability in multiple Xiaomi product devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-013614

DESCRIPTION

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, and RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, attackers can gain sensitive information, cause a denial of service, take over smart home devices, and tamper with messages. Multiple Xiaomi product devices contain a vulnerability related to authentication bypass by a user-controlled key. Information may be obtained, information may be falsified, and a denial-of-service (DoS) condition may result. Xiaomi DGNWG03LM and the other affected products are products of Xiaomi (China). Xiaomi DGNWG03LM is a smart home gateway device. ZNCZ03LM is a smart switch device. MCCGQ01LM is a smart remote control. There are security vulnerabilities in several Xiaomi products, which stem from the program's insecure transmission of keys.

Trust: 2.16

sources: NVD: CVE-2019-15913 // JVNDB: JVNDB-2019-013614 // CNVD: CNVD-2020-03068

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03068

AFFECTED PRODUCTS

vendor: mi, model: dgnwg03lm, scope: eq, version: -

Trust: 2.2

vendor: mi, model: mccgq01lm, scope: eq, version: -

Trust: 2.2

vendor: mi, model: zncz03lm, scope: eq, version: -

Trust: 2.2

vendor: mi, model: rtcgq01lm, scope: eq, version: -

Trust: 2.2

vendor: mi, model: wsdcgq01lm, scope: eq, version: -

Trust: 2.2

vendor: xiaomi, model: dgnwg03lm, scope: -, version: -

Trust: 1.4

vendor: xiaomi, model: zncz03lm, scope: -, version: -

Trust: 1.4

vendor: xiaomi, model: mccgq01lm, scope: -, version: -

Trust: 1.4

vendor: xiaomi, model: wsdcgq01lm, scope: -, version: -

Trust: 1.4

vendor: xiaomi, model: rtcgq01lm, scope: -, version: -

Trust: 1.4

sources: CNVD: CNVD-2020-03068 // JVNDB: JVNDB-2019-013614 // CNNVD: CNNVD-201912-965 // NVD: CVE-2019-15913

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15913
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15913
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03068
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-965
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-15913
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03068
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15913
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15913
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03068 // JVNDB: JVNDB-2019-013614 // CNNVD: CNNVD-201912-965 // NVD: CVE-2019-15913

PROBLEMTYPE DATA

problemtype:CWE-639

Trust: 1.8

sources: JVNDB: JVNDB-2019-013614 // NVD: CVE-2019-15913

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-965

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013614

PATCH

title: Top Page, url: https://www.mi.com/global

Trust: 0.8

sources: JVNDB: JVNDB-2019-013614

EXTERNAL IDS

db: NVD, id: CVE-2019-15913

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013614

Trust: 0.8

db: CNVD, id: CNVD-2020-03068

Trust: 0.6

db: CNNVD, id: CNNVD-201912-965

Trust: 0.6

sources: CNVD: CNVD-2020-03068 // JVNDB: JVNDB-2019-013614 // CNNVD: CNNVD-201912-965 // NVD: CVE-2019-15913

REFERENCES

url:https://github.com/chengcheng227/cve-poc/blob/master/cve-2019-15913.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-15913

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15913

Trust: 0.8

sources: CNVD: CNVD-2020-03068 // JVNDB: JVNDB-2019-013614 // CNNVD: CNNVD-201912-965 // NVD: CVE-2019-15913

SOURCES

db: CNVD, id: CNVD-2020-03068
db: JVNDB, id: JVNDB-2019-013614
db: CNNVD, id: CNNVD-201912-965
db: NVD, id: CVE-2019-15913

LAST UPDATE DATE

2024-11-23T21:36:16.239000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-03068, date: 2020-01-21T00:00:00
db: JVNDB, id: JVNDB-2019-013614, date: 2020-01-10T00:00:00
db: CNNVD, id: CNNVD-201912-965, date: 2019-12-31T00:00:00
db: NVD, id: CVE-2019-15913, date: 2024-11-21T04:29:42.967

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-03068, date: 2020-01-21T00:00:00
db: JVNDB, id: JVNDB-2019-013614, date: 2020-01-10T00:00:00
db: CNNVD, id: CNNVD-201912-965, date: 2019-12-20T00:00:00
db: NVD, id: CVE-2019-15913, date: 2019-12-20T17:15:11.533