CVE-2019-12762


Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.2. Exploitation requires specific conditions to be met, but it needs neither user interaction nor pre-existing privileges. The vulnerability impacts integrity (unauthorized modifications) on affected systems. It affects 16 products from mi, sony and other vendors; organizations running these products should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2019-06-06T20:29:02.807

Last Modified

2024-11-21T04:23:31.383

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.4

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | mi | mi_5s_plus_firmware | - | Yes |
| Hardware | mi | mi_5s_plus | - | No |
| Operating System | sony | xperia_z4_firmware | - | Yes |
| Hardware | sony | xperia_z4 | - | No |
| Operating System | samsung | galaxy_s6_edge_firmware | - | Yes |
| Hardware | samsung | galaxy_s6_edge | - | No |
| Operating System | samsung | galaxy_s4_firmware | - | Yes |
| Hardware | samsung | galaxy_s4 | - | No |
| Operating System | google | nexus_7_firmware | - | Yes |
| Hardware | google | nexus_7 | - | No |
| Operating System | google | nexus_9_firmware | - | Yes |
| Hardware | google | nexus_9 | - | No |
| Operating System | sharp | aquos_zeta_sh-04f_firmware | - | Yes |
| Hardware | sharp | aquos_zeta_sh-04f | - | No |
| Operating System | fujitsu | arrows_nx_f05-f_firmware | - | Yes |
| Hardware | fujitsu | arrows_nx_f05-f | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For mi's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.