Описание
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:mi:dgnwg03lm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mi:dgnwg03lm:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:mi:zncz03lm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mi:zncz03lm:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:mi:mccgq01lm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mi:mccgq01lm:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:mi:wsdcgq01lm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mi:wsdcgq01lm:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:mi:rtcgq01lm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mi:rtcgq01lm:-:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00341
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-639
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM 5.5.48 devices. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause a denial of service attack, take over smart home devices, and tamper with messages.
EPSS
Процентиль: 56%
0.00341
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-639