CVE-2019-15915

HIGH

Xiaomi DGNWG03LM ZNCZ03LM MCCGQ01LM RTCGQ01LM Firmware - Denial of Service via ZigBee Network Discovery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15915. PoCs published by chengcheng227.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2019-15915, a DoS vulnerability in Xiaomi ZigBee devices. It includes attack methodology, system architecture, and packet-level details but lacks functional exploit code.

Description

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.

Exploits (1)

github WRITEUP 9 stars

by chengcheng227 · poc

https://github.com/chengcheng227/CVE-POC/tree/master/CVE-2019-15915.md

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2019-15915, a DoS vulnerability in Xiaomi ZigBee devices. It includes attack methodology, system architecture, and packet-level details but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM

No auth needed

Prerequisites: Atmel RZ Raven USB sticks · KillerBee · Zigdiggity · Wireshark

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15915.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0115

EPSS Percentile 62.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (4)

mi/dgnwg03lm_firmware

mi/mccgq01lm_firmware

mi/rtcgq01lm_firmware

mi/zncz03lm_firmware

Published Dec 20, 2019

Tracked Since Feb 18, 2026