CVE-2019-15914
HIGH WAF: Medium
CVSS 7.5
Published: 2019-12-20
CWE-20
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mi | dgnwg03lm_firmware | - |
| mi | zncz03lm_firmware | - |
| mi | mccgq01lm_firmware | - |
| mi | wsdcgq01lm_firmware | - |
| mi | rtcgq01lm_firmware | - |
References
- github.com (Exploit, Third Party Advisory)
- github.com (Exploit, Third Party Advisory)