var-201906-0269
Vulnerability from variot
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. Xiaomi Mi 5s Plus Devices have vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Xiaomi Mi 5s Plus is a smartphone of China Xiaomi Technology (Xiaomi).
There is a security hole in Xiaomi Mi 5s Plus. Attackers can use the wireless signal between 198 kHz and 203 kHz to exploit this vulnerability to cause anomalies in the touch screen
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0269", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mi 5s plus", scope: null, trust: 1.4, vendor: "xiaomi", version: null, }, { model: "xperia z4", scope: "eq", trust: 1, vendor: "sony", version: null, }, { model: "nexus 7", scope: "eq", trust: 1, vendor: "google", version: null, }, { model: "galaxy s4", scope: "eq", trust: 1, vendor: "samsung", version: null, }, { model: "arrows nx f05-f", scope: "eq", trust: 1, vendor: "fujitsu", version: null, }, { model: "aquos zeta sh-04f", scope: "eq", trust: 1, vendor: "sharp", version: null, }, { model: "nexus 9", scope: "eq", trust: 1, vendor: "google", version: null, }, { model: "galaxy s6 edge", scope: "eq", trust: 1, vendor: "samsung", version: null, }, { model: "5s plus", scope: "eq", trust: 1, vendor: "mi", version: null, }, { model: "nexus 7", scope: null, trust: 0.8, vendor: "google", version: null, }, { model: "nexus 9", scope: null, trust: 0.8, vendor: "google", version: null, }, { model: "galaxy s4", scope: null, trust: 0.8, vendor: "samsung", version: null, }, { model: "galaxy s6 edge", scope: null, trust: 0.8, vendor: "samsung", version: null, }, { model: "aquos zeta sh-04f", scope: null, trust: 0.8, vendor: "sharp", version: null, }, { model: "xperia z4", scope: null, trust: 0.8, vendor: "sony", version: null, }, { model: "arrows nx f005-f", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-27290", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "NVD", id: "CVE-2019-12762", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:mi:mi_5s_plus_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:mi:mi_5s_plus:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sony:xperia_z4_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sony:xperia_z4:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:google:nexus_7_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:google:nexus_9_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:google:nexus_9:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sharp:aquos_zeta_sh-04f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sharp:aquos_zeta_sh-04f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fujitsu:arrows_nx_f05-f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:fujitsu:arrows_nx_f05-f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-12762", }, ], }, cve: "CVE-2019-12762", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "NONE", exploitabilityScore: 3.4, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 1.9, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-12762", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "NONE", exploitabilityScore: 3.4, id: "CNVD-2020-27290", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.6, vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "NONE", exploitabilityScore: 3.4, id: "VHN-144541", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "PHYSICAL", author: "NVD", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.5, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, { attackComplexity: "High", attackVector: "Physical", author: "NVD", availabilityImpact: "None", baseScore: 4.2, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-12762", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-12762", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2020-27290", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201906-276", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-144541", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-27290", }, { db: "VULHUB", id: "VHN-144541", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "NVD", id: "CVE-2019-12762", }, { db: "CNNVD", id: "CNNVD-201906-276", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. Xiaomi Mi 5s Plus Devices have vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Xiaomi Mi 5s Plus is a smartphone of China Xiaomi Technology (Xiaomi). \n\r\n\r\nThere is a security hole in Xiaomi Mi 5s Plus. Attackers can use the wireless signal between 198 kHz and 203 kHz to exploit this vulnerability to cause anomalies in the touch screen", sources: [ { db: "NVD", id: "CVE-2019-12762", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "CNVD", id: "CNVD-2020-27290", }, { db: "VULHUB", id: "VHN-144541", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-12762", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2019-005347", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-27290", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201906-276", trust: 0.7, }, { db: "VULHUB", id: "VHN-144541", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-27290", }, { db: "VULHUB", id: "VHN-144541", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "NVD", id: "CVE-2019-12762", }, { db: "CNNVD", id: "CNNVD-201906-276", }, ], }, id: "VAR-201906-0269", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-27290", }, { db: "VULHUB", id: "VHN-144541", }, ], trust: 1.30069445, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-27290", }, ], }, last_update_date: "2023-12-18T12:50:16.407000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Nexus", trust: 0.8, url: "https://support.google.com/nexus/answer/6102470?hl=ja", }, { title: "Top Page", trust: 0.8, url: "https://www.galaxymobile.jp/", }, { title: "Xperia Z4", trust: 0.8, url: "https://www.sonymobile.co.jp/xperia/softbank/z4/", }, { title: "Mi 5s Plus", trust: 0.8, url: "https://www.mi.com/global/mi5splus/", }, { title: "Aquos Zeta SH-04F", trust: 0.8, url: "https://jp.sharp/products/sh04f/spec/", }, { title: "arrowsシリーズ", trust: 0.8, url: "https://www.fmworld.net/product/phone/arrows/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005347", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-264", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-144541", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "NVD", id: "CVE-2019-12762", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-12762", }, { trust: 1, url: "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12762", }, { trust: 0.7, url: "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-27290", }, { db: "VULHUB", id: "VHN-144541", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "NVD", id: "CVE-2019-12762", }, { db: "CNNVD", id: "CNNVD-201906-276", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-27290", }, { db: "VULHUB", id: "VHN-144541", }, { db: "JVNDB", id: "JVNDB-2019-005347", }, { db: "NVD", id: "CVE-2019-12762", }, { db: "CNNVD", id: "CNNVD-201906-276", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-09T00:00:00", db: "CNVD", id: "CNVD-2020-27290", }, { date: "2019-06-06T00:00:00", db: "VULHUB", id: "VHN-144541", }, { date: "2019-06-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-005347", }, { date: "2019-06-06T20:29:02.807000", db: "NVD", id: "CVE-2019-12762", }, { date: "2019-06-06T00:00:00", db: "CNNVD", id: "CNNVD-201906-276", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-09T00:00:00", db: "CNVD", id: "CNVD-2020-27290", }, { date: "2020-08-24T00:00:00", db: "VULHUB", id: "VHN-144541", }, { date: "2019-06-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-005347", }, { date: "2023-11-07T03:03:40.433000", db: "NVD", id: "CVE-2019-12762", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201906-276", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Xiaomi Mi 5s Plus Vulnerabilities related to authorization, authority, and access control in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-005347", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control issues", sources: [ { db: "CNNVD", id: "CNNVD-201906-276", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.