ByteOS Network

NVD Vulnerability Details :

CVE-2019-12821

Modified

Source-cve@mitre.org

Published At-19 Jul, 2019 | 18:15

Updated At-07 Nov, 2023 | 03:03

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial "JSW" substring followed by a six digit number that depends on the specific device.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.8	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P

Type: Primary

Version: 3.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Type: Primary

Version: 2.0

Base score: 5.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:P

CPE Matches

jisiwei>>i3_firmware>>2.0

cpe:2.3:o:jisiwei:i3_firmware:2.0:*:*:*:*:*:*:*

jisiwei>>i3>>-

cpe:2.3:h:jisiwei:i3:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-330	Primary	nvd@nist.gov

CWE ID: CWE-330

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.kth.se/polopoly_fs/1.914058.1561621210%21/Olsson_Larsson-Forsberg_vacuum.pdf	cve@mitre.org	N/A

Hyperlink: https://www.kth.se/polopoly_fs/1.914058.1561621210%21/Olsson_Larsson-Forsberg_vacuum.pdf

Source: cve@mitre.org

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History