CVE-2019-15913

CRITICAL

Xiaomi Devices - Info Disclosure/DoS

Title source: llm

Description

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages.

Exploits (1)

github WRITEUP 9 stars

by chengcheng227 · poc

https://github.com/chengcheng227/CVE-POC/tree/master/CVE-2019-15913.md

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15913.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0034

EPSS Percentile 56.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-639

Status published

Products (5)

mi/dgnwg03lm_firmware

mi/mccgq01lm_firmware

mi/rtcgq01lm_firmware

mi/wsdcgq01lm_firmware

mi/zncz03lm_firmware

Published Dec 20, 2019

Tracked Since Feb 18, 2026