CVE-2019-15913

CRITICAL

Xiaomi Devices - Info Disclosure/DoS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15913. PoCs published by chengcheng227.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2019-15913, focusing on insecure key transport in ZigBee communication for Xiaomi smart home devices. It includes attack demonstrations, key sniffing techniques, message tampering, and denial-of-service methods.

Description

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, and RTCGQ01LM devices. Insecure key transport in ZigBee communication allows attackers to obtain sensitive information, cause a denial of service, take over smart home devices, and tamper with messages.

Exploits (1)

github WRITEUP 9 stars
by chengcheng227 · poc
https://github.com/chengcheng227/CVE-POC/tree/master/CVE-2019-15913.md

Classification: Writeup 95%
Attack Type: Info Leak | DoS
Complexity: Moderate
Reliability: Reliable
Target: Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices
No auth needed
Prerequisites: Laptop with Ubuntu 16.04.3 LTS · Atmel RZ Raven USB sticks · KillerBee · Zigdiggity · Wireshark
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 9.8
EPSS 0.0125
EPSS Percentile 65.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-639
Status: published
Products (5)
mi/dgnwg03lm_firmware
mi/mccgq01lm_firmware
mi/rtcgq01lm_firmware
mi/wsdcgq01lm_firmware
mi/zncz03lm_firmware
Published Dec 20, 2019
Tracked Since Feb 18, 2026