Описание
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.1 (исключая)
Одновременно
cpe:2.3:o:mi:m365_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mi:m365:2019-02-12:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.
EPSS
Процентиль: 30%
0.0011
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-306