11 matches found
CVE-2019-12821
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...
Jisiwei i3 robot vacuum cleaner encryption issue vulnerability
Jisiwei i3 is a vacuuming robot from the Chinese company Jisiwei. A vulnerability with encryption issues exists in version 2.0 of the Jisiwei i3 robot vacuum cleaner APP. The vulnerability stems from a networked system or product that does not properly utilize relevant cryptographic algorithms,...
CVE-2019-12821
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...
CVE-2019-12820
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...
CVE-2019-12821
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...
Design/Logic Flaw
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...
Code injection
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...
CVE-2019-12821
The CVE concerns the Shenzhen Jisiwei i3 robot vacuum cleaner’s app 2.0. A QR code used to add a device to an account encodes the device ID using a predictable pattern (JSW + six digits). An attacker can generate a QR-code with a target device ID to connect an arbitrary device and gain full acces...
CVE-2019-12821
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...
CVE-2019-12820
The CVE-2019-12820 entry concerns the Shenzhen Jisiwei i3 robot vacuum cleaner app 2.0 (Android/iOS). The vulnerability is that login and other personal information communications between the app and its server are sent over unencrypted HTTP, enabling a local-network MiTM attacker to capture cred...
CVE-2019-12820
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...