How severe is CVE-2019-12820?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2019-12820?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2019-12820 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, the login request is being sent in cleartext. The vulnerability exists in both the Android and iOS version of the app. An attacker could exploit this by using an MiTM attack on the local network to obtain someone's login credentials, which gives them full access to the robot vacuum cleaner.

Related Vulnerabilities

CVE-2025-22493

MEDIUM

CVSS:5.6(Medium)

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connect...

CWE-3192025

CVE-2007-5626

MEDIUM

CVSS:5.5(Medium)

make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows contex...

CWE-3192007

CVE-2010-4177

MEDIUM

CVSS:5.5(Medium)

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

CWE-3192010

CVE-2012-1257

MEDIUM

CVSS:5.5(Medium)

Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

CWE-3192012

CVE-2017-6410

MEDIUM

CVSS:5.5(Medium)

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, ...

CWE-3192017

CVE-2017-7143

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwo...

CWE-3192017