CVE-2019-15914

HIGH

Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM DoS via ZigBee Trust Center Rejoin

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15914. PoCs published by chengcheng227.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2019-15914, focusing on the insecure trust center rejoin procedure in Xiaomi DGNWG03LM and ZNCZ03LM devices. It includes architectural diagrams, attack methodology, and demonstration of a denial-of-service (DoS) attack via ZigBee network manipulation.

Description

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.

Exploits (1)

github WRITEUP 9 stars
by chengcheng227 · poc
https://github.com/chengcheng227/CVE-POC/tree/master/CVE-2019-15914_1.md

This repository provides a detailed technical analysis of CVE-2019-15914, focusing on the insecure trust center rejoin procedure in Xiaomi DGNWG03LM and ZNCZ03LM devices. It includes architectural diagrams, attack methodology, and demonstration of a denial-of-service (DoS) attack via ZigBee network manipulation.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: Xiaomi DGNWG03LM, ZNCZ03LM
No auth needed
Prerequisites: Laptop with Ubuntu 16.04.3 LTS · Atmel RZ Raven USB sticks · KillerBee · Zigdiggity · Wireshark
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0131
EPSS Percentile 66.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (5)
mi/dgnwg03lm_firmware
mi/mccgq01lm_firmware
mi/rtcgq01lm_firmware
mi/wsdcgq01lm_firmware
mi/zncz03lm_firmware
Published Dec 20, 2019
Tracked Since Feb 18, 2026