CVE-2019-12500
First published: Fri May 31 2019(Updated: )
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mi M365 | <1.5.1 | |
| Microsoft 365 | =2019-02-12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-12500?
CVE-2019-12500 is considered a high severity vulnerability due to the potential for unsafe accelerations and braking affecting rider safety.
How do I fix CVE-2019-12500?
To fix CVE-2019-12500, upgrade the Xiaomi M365 scooter firmware to version 1.5.1 or later.
What devices are affected by CVE-2019-12500?
Devices affected by CVE-2019-12500 include the Xiaomi M365 scooter with firmware versions prior to 1.5.1.
What kind of commands can be spoofed due to CVE-2019-12500?
CVE-2019-12500 allows spoofing of commands such as sudden accelerations, sudden braking, locking, and unlocking.
Is there a known exploit for CVE-2019-12500?
Yes, CVE-2019-12500 has been exploited in the wild, demonstrating risks associated with Bluetooth Low Energy commands.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mi
- canonical/mi m365
- canonical/microsoft 365
- version/microsoft 365/2019-02-12