CVE-2019-13953
First published: Fri Sep 06 2019(Updated: )
An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xiaoyi Yi M1 Mirrorless Camera Firmware | =3.2-cn | |
| Xiaoyi Yi M1 Mirrorless Camera |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-13953.
What is the severity level of CVE-2019-13953?
CVE-2019-13953 has a severity level of 8.8, which is considered high.
What is the affected software of CVE-2019-13953?
The affected software for CVE-2019-13953 is the Xiaoyi Yi M1 Mirrorless Camera Firmware version 3.2-cn.
How can an attacker exploit CVE-2019-13953?
An attacker can exploit CVE-2019-13953 by sending a set of Bluetooth Low Energy (BLE) commands to trigger an authentication bypass vulnerability in the Yi M1 Mirrorless Camera, resulting in sensitive data leakage.
Is there a patch or fix available for CVE-2019-13953?
At the time of writing, there is no information available about a patch or fix for CVE-2019-13953. It is recommended to follow the guidance provided by the vendor or the relevant security advisories.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/event
- vendor/xiaoyi
- canonical/xiaoyi yi m1 mirrorless camera firmware
- version/xiaoyi yi m1 mirrorless camera firmware/3.2-cn
- canonical/xiaoyi yi m1 mirrorless camera