CVE-2019-16518

MEDIUM

Vandy Vape Swell Kit Mod Firmware - Unintended Temperature Control via Bluetooth Low Energy Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16518. PoCs published by crypt0crc.

AI-analyzed exploit summary This repository contains a functional Python-based exploit for CVE-2019-16518, targeting VandyVape devices via Bluetooth Low Energy (BLE). The exploit allows unauthorized modification of device settings, such as power and voltage, by sending crafted BLE characteristic write requests.

Description

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.

Exploits (1)

gitlab WORKING POC
by crypt0crc · poc
https://gitlab.com/crypt0crc/cve-2019-16518

This repository contains a functional Python-based exploit for CVE-2019-16518, targeting VandyVape devices via Bluetooth Low Energy (BLE). The exploit allows unauthorized modification of device settings, such as power and voltage, by sending crafted BLE characteristic write requests.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: VandyVape Swell Kit Mod 2.0.2 (and potentially other VandyVape devices)
No auth needed
Prerequisites: Bluepy library · Gatttool · Bluetooth adapter · Physical proximity to the target device
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gitlab.com/crypt0crc/cve-2019-16518

Scores

CVSS v3 4.3
EPSS 0.0063
EPSS Percentile 45.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-668
Status published
Products (1)
vandyvape/swell_kit_mod_firmware 2.0.2
Published Sep 23, 2019
Tracked Since Feb 18, 2026