Bluetooth Low Energy Command Spoofing Vulnerability in Xiaomi M365 Scooter

Bluetooth Low Energy Command Spoofing Vulnerability in Xiaomi M365 Scooter

CVE-2019-12500 · LOW Severity

AV:A/AC:L/AU:N/C:N/I:P/A:N

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.

Learn more about our Cis Benchmark Audit For Server Software.