How severe is CVE-2019-12821?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2019-12821?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2019-12821 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial "JSW" substring followed by a six digit number that depends on the specific device.

Related Vulnerabilities

CVE-2018-19441

MEDIUM

CVSS:4.7(Medium)

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for loca...

CWE-3302018

CVE-2022-29330

MEDIUM

CVSS:4.9(Medium)

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecifie...

CWE-3302022

CVE-2021-27884

MEDIUM

CVSS:5.1(Medium)

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.

CWE-3302021

CVE-2020-0407

MEDIUM

CVSS:4.4(Medium)

In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are ...

CWE-3302020

CVE-2021-28099

MEDIUM

CVSS:4.4(Medium)

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source...

CWE-3302021

CVE-2010-3666

MEDIUM

CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.

CWE-3302010