CVE-2019-12821

Published: 19/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

A vulnerability was found in version 2.0 of the app for the Shenzhen Jisiwei i3 robot vacuum cleaner, in the step that adds a device to the account using a QR code. The QR code follows an easily predictable pattern that depends only on the device ID of the robot vacuum cleaner. By generating a QR code containing the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID consists of the initial substring "JSW" followed by a six-digit number that depends on the specific device.

Vulnerable Product

jisiwei i3_firmware 2.0

Github Repositories

These are the resources and documentation needed for recreating the hack for the JISIWEI Vacuum Cleaner Robot owned by the NSE Cyber Security Lab at KTH EECS.

JISIWEI Vacuum Cleaner Robot Demo

Created: 2020-06-29
Revised: 2020-07-08

This project consists of resources and documentation needed to re-create and demo the hack for the JISIWEI Vacuum Cleaner Robot at the NSE Cyber Security Lab. This demo will be based upon the HTTP vulnerability found in CVE-2019-12820.

Tools Used

Android Smartphone, with the JISIWEI application ins