VAR-201907-0345
Vulnerability from variot - Updated: 2025-01-30 21:31A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, the login request is being sent in cleartext. The vulnerability exists in both the Android and iOS version of the app. An attacker could exploit this by using an MiTM attack on the local network to obtain someone's login credentials, which gives them full access to the robot vacuum cleaner. Shenzhen Jisiwei i3 robot vacuum cleaner Contains a vulnerability related to certificate and password management.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Jisiwei i3 is a vacuuming robot from China's Jisiwei company. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly. The attacker can cause the content to be incorrectly encrypted, weakly encrypted, and plaintext storage sensitive information. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "i3",
"scope": "eq",
"trust": 1.0,
"vendor": "jisiwei",
"version": "2.0"
},
{
"model": "i3",
"scope": "eq",
"trust": 0.8,
"vendor": "jisiwei intelligent",
"version": "2.0"
},
{
"model": "i3 robot vacuum cleaner app",
"scope": "eq",
"trust": 0.6,
"vendor": "jisiwei",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:jisiwei:i3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
}
]
},
"cve": "CVE-2019-12820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-12820",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-26795",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-144605",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2019-12820",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12820",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-12820",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-26795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1129",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-144605",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-12820",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "VULHUB",
"id": "VHN-144605"
},
{
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1129"
},
{
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, the login request is being sent in cleartext. The vulnerability exists in both the Android and iOS version of the app. An attacker could exploit this by using an MiTM attack on the local network to obtain someone\u0027s login credentials, which gives them full access to the robot vacuum cleaner. Shenzhen Jisiwei i3 robot vacuum cleaner Contains a vulnerability related to certificate and password management.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Jisiwei i3 is a vacuuming robot from China\u0027s Jisiwei company. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly. The attacker can cause the content to be incorrectly encrypted, weakly encrypted, and plaintext storage sensitive information. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "VULHUB",
"id": "VHN-144605"
},
{
"db": "VULMON",
"id": "CVE-2019-12820"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12820",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1129",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-26795",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-144605",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-12820",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "VULHUB",
"id": "VHN-144605"
},
{
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1129"
},
{
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"id": "VAR-201907-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "VULHUB",
"id": "VHN-144605"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"home \u0026 office device"
],
"sub_category": "vacuum cleaner",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-26795"
}
]
},
"last_update_date": "2025-01-30T21:31:13.695000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.jisiwei.com/"
},
{
"title": "JISIWEI-Vacuum-Cleaner-Robot-Hack",
"trust": 0.1,
"url": "https://github.com/sebastian-porling/JISIWEI-Vacuum-Cleaner-Robot-Hack "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144605"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12820"
},
{
"trust": 1.5,
"url": "https://www.kth.se/polopoly_fs/1.914058.1561621210!/olsson_larsson-forsberg_vacuum.pdf"
},
{
"trust": 1.1,
"url": "https://www.kth.se/polopoly_fs/1.914058.1561621210%21/olsson_larsson-forsberg_vacuum.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12820"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sebastian-porling/jisiwei-vacuum-cleaner-robot-hack"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "VULHUB",
"id": "VHN-144605"
},
{
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1129"
},
{
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"db": "VULHUB",
"id": "VHN-144605"
},
{
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1129"
},
{
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"date": "2019-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-144605"
},
{
"date": "2019-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"date": "2019-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"date": "2019-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1129"
},
{
"date": "2019-07-19T18:15:11.807000",
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-26795"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-144605"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12820"
},
{
"date": "2019-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007221"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1129"
},
{
"date": "2024-11-21T04:23:39.183000",
"db": "NVD",
"id": "CVE-2019-12820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1129"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen Jisiwei i3 robot vacuum cleaner Vulnerabilities in certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1129"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.