Details of VAR-201912-1501

ID

VAR-201912-1501

CVE

CVE-2019-15914

TITLE

plural Xiaomi Input validation vulnerabilities in product devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-013616

DESCRIPTION

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. plural Xiaomi The product device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Xiaomi DGNWG03LM and other products are products of Xiaomi China. Xiaomi DGNWG03LM is a smart home gateway device. ZNCZ03LM is a smart switch device. MCCGQ01LM is a smart remote control. There are security holes in several Xiaomi products. An attacker could use this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2019-15914 // JVNDB: JVNDB-2019-013616 // CNVD: CNVD-2020-03067

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['home & office device', 'network device']	sub_category:	smart home device	Trust: 0.1
category:	['home & office device', 'network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-03067

AFFECTED PRODUCTS

vendor:	mi	model:	dgnwg03lm	scope:	eq	version:	-	Trust: 2.2
vendor:	mi	model:	mccgq01lm	scope:	eq	version:	-	Trust: 2.2
vendor:	mi	model:	zncz03lm	scope:	eq	version:	-	Trust: 2.2
vendor:	mi	model:	rtcgq01lm	scope:	eq	version:	-	Trust: 2.2
vendor:	mi	model:	wsdcgq01lm	scope:	eq	version:	-	Trust: 2.2
vendor:	xiaomi	model:	dgnwg03lm	scope:	-	version:	-	Trust: 1.4
vendor:	xiaomi	model:	zncz03lm	scope:	-	version:	-	Trust: 1.4
vendor:	xiaomi	model:	mccgq01lm	scope:	-	version:	-	Trust: 1.4
vendor:	xiaomi	model:	wsdcgq01lm	scope:	-	version:	-	Trust: 1.4
vendor:	xiaomi	model:	rtcgq01lm	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2020-03067 // JVNDB: JVNDB-2019-013616 // CNNVD: CNNVD-201912-966 // NVD: CVE-2019-15914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15914
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15914
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-03067
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-966
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2019-15914
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-03067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15914
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15914
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-03067 // JVNDB: JVNDB-2019-013616 // CNNVD: CNNVD-201912-966 // NVD: CVE-2019-15914

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013616 // NVD: CVE-2019-15914

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-966

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013616

PATCH

title:

Top Page

url:

https://www.mi.com/global

Trust: 0.8

sources: JVNDB: JVNDB-2019-013616

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15914	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-013616	Trust: 0.8
db:	CNVD	id:	CNVD-2020-03067	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-966	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-03067 // JVNDB: JVNDB-2019-013616 // CNNVD: CNNVD-201912-966 // NVD: CVE-2019-15914

REFERENCES

url:	https://github.com/chengcheng227/cve-poc/blob/master/cve-2019-15914_1.md	Trust: 2.4
url:	https://github.com/chengcheng227/cve-poc/blob/master/cve-2019-15914_2.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15914	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15914	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-03067 // JVNDB: JVNDB-2019-013616 // CNNVD: CNNVD-201912-966 // NVD: CVE-2019-15914

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2020-03067
db:	JVNDB	id:	JVNDB-2019-013616
db:	CNNVD	id:	CNNVD-201912-966
db:	NVD	id:	CVE-2019-15914

LAST UPDATE DATE

2025-01-30T19:32:13.110000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-03067	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-013616	date:	2020-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201912-966	date:	2019-12-31T00:00:00
db:	NVD	id:	CVE-2019-15914	date:	2024-11-21T04:29:43.117

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-03067	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-013616	date:	2020-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201912-966	date:	2019-12-20T00:00:00
db:	NVD	id:	CVE-2019-15914	date:	2019-12-20T17:15:11.643