CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12500

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 3.3

References

https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/
https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/

Products affected by CVE-2019-12500

Mi » M365 » Version: 2019-02-12

cpe:2.3:h:mi:m365:2019-02-12
Mi » M365 Firmware » Version: Any

cpe:2.3:o:mi:m365_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12500

Products

Pricing

Contact Us