MEDIUM · 4.8

CVE-2019-12821


Vulnerability Description

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR code. The QR code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial "JSW" substring followed by a six-digit number that depends on the specific device.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: LOW

Affected Products

Vendor | Product | Versions
Jisiwei | I3 Firmware | 2.0
Jisiwei | I3 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-12821?

CVE-2019-12821 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that d...

How severe is CVE-2019-12821?

CVE-2019-12821 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2019-12821?

Check the references section above for vendor advisories and patch information. Affected products include: Jisiwei I3 Firmware, Jisiwei I3.