Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-12821
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-19 Jul, 2019 | 18:15
Updated At-07 Nov, 2023 | 03:03

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial "JSW" substring followed by a six digit number that depends on the specific device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.8MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
CPE Matches
jisiwei
jisiwei
>>i3_firmware>>2.0
cpe:2.3:o:jisiwei:i3_firmware:2.0:*:*:*:*:*:*:*
jisiwei
jisiwei
>>i3>>-
cpe:2.3:h:jisiwei:i3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-330Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.kth.se/polopoly_fs/1.914058.1561621210%21/Olsson_Larsson-Forsberg_vacuum.pdfcve@mitre.org
N/A
Change History
0Changes found
Details not found