Sign-up

ID

VAR-201907-0345


CVE

CVE-2019-12820


TITLE

Shenzhen Jisiwei i3 robot vacuum cleaner Vulnerabilities in certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-007221

DESCRIPTION

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, the login request is being sent in cleartext. The vulnerability exists in both the Android and iOS version of the app. An attacker could exploit this by using an MiTM attack on the local network to obtain someone's login credentials, which gives them full access to the robot vacuum cleaner. Shenzhen Jisiwei i3 robot vacuum cleaner Contains a vulnerability related to certificate and password management.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Jisiwei i3 is a vacuuming robot from China's Jisiwei company. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly. The attacker can cause the content to be incorrectly encrypted, weakly encrypted, and plaintext storage sensitive information. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

Trust: 2.34

sources: NVD: CVE-2019-12820 // JVNDB: JVNDB-2019-007221 // CNVD: CNVD-2019-26795 // VULHUB: VHN-144605 // VULMON: CVE-2019-12820

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['home & office device']sub_category:vacuum cleaner

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-26795

AFFECTED PRODUCTS

vendor:jisiweimodel:i3scope:eqversion:2.0

Trust: 1.0

vendor:jisiwei intelligentmodel:i3scope:eqversion:2.0

Trust: 0.8

vendor:jisiweimodel:i3 robot vacuum cleaner appscope:eqversion:2.0

Trust: 0.6

sources: CNVD: CNVD-2019-26795 // JVNDB: JVNDB-2019-007221 // NVD: CVE-2019-12820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12820
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12820
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-26795
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1129
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144605
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-12820
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12820
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-26795
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144605
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12820
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-26795 // VULHUB: VHN-144605 // VULMON: CVE-2019-12820 // JVNDB: JVNDB-2019-007221 // CNNVD: CNNVD-201907-1129 // NVD: CVE-2019-12820

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-144605 // JVNDB: JVNDB-2019-007221 // NVD: CVE-2019-12820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1129

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1129

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007221

PATCH
title:Top Pageurl:http://global.jisiwei.com/
Trust: 0.8
title:JISIWEI-Vacuum-Cleaner-Robot-Hackurl:https://github.com/sebastian-porling/JISIWEI-Vacuum-Cleaner-Robot-Hack 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-12820 // 
            
            
            
            JVNDB: JVNDB-2019-007221

EXTERNAL IDS
db:NVDid:CVE-2019-12820
Trust: 3.3
db:JVNDBid:JVNDB-2019-007221
Trust: 0.8
db:CNNVDid:CNNVD-201907-1129
Trust: 0.7
db:CNVDid:CNVD-2019-26795
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-144605
Trust: 0.1
db:VULMONid:CVE-2019-12820
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-26795 // 
            
            
            
            VULHUB: VHN-144605 // 
            
            
            
            VULMON: CVE-2019-12820 // 
            
            
            
            JVNDB: JVNDB-2019-007221 // 
            
            
            
            CNNVD: CNNVD-201907-1129 // 
            
            
            
            NVD: CVE-2019-12820

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-12820
Trust: 2.0
url:https://www.kth.se/polopoly_fs/1.914058.1561621210!/olsson_larsson-forsberg_vacuum.pdf
Trust: 1.5
url:https://www.kth.se/polopoly_fs/1.914058.1561621210%21/olsson_larsson-forsberg_vacuum.pdf
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12820
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/319.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/sebastian-porling/jisiwei-vacuum-cleaner-robot-hack
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-26795 // 
            
            
            
            VULHUB: VHN-144605 // 
            
            
            
            VULMON: CVE-2019-12820 // 
            
            
            
            JVNDB: JVNDB-2019-007221 // 
            
            
            
            CNNVD: CNNVD-201907-1129 // 
            
            
            
            NVD: CVE-2019-12820

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2019-26795
db:VULHUBid:VHN-144605
db:VULMONid:CVE-2019-12820
db:JVNDBid:JVNDB-2019-007221
db:CNNVDid:CNNVD-201907-1129
db:NVDid:CVE-2019-12820

LAST UPDATE DATE
2025-01-30T21:31:13.695000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-26795date:2019-08-12T00:00:00
db:VULHUBid:VHN-144605date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-12820date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007221date:2019-08-05T00:00:00
db:CNNVDid:CNNVD-201907-1129date:2020-08-25T00:00:00
db:NVDid:CVE-2019-12820date:2024-11-21T04:23:39.183

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-26795date:2019-08-12T00:00:00
db:VULHUBid:VHN-144605date:2019-07-19T00:00:00
db:VULMONid:CVE-2019-12820date:2019-07-19T00:00:00
db:JVNDBid:JVNDB-2019-007221date:2019-08-05T00:00:00
db:CNNVDid:CNNVD-201907-1129date:2019-07-19T00:00:00
db:NVDid:CVE-2019-12820date:2019-07-19T18:15:11.807