9.8

CVE-2020-10269

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. The credentials for this wireless Access Point default to a well-known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals that the vendor distributed. We have confirmed this flaw in MiR100 and MiR200, but it might also apply to MiR250, MiR500 and MiR1000.

Data is provided by the National Vulnerability Database (NVD)
Aliasrobotics Mir100 Firmware Version <= 2.8.1.1
   Aliasrobotics Mir100 Version -
Aliasrobotics Mir200 Firmware Version <= 2.8.1.1
   Aliasrobotics Mir200 Version -
Aliasrobotics Mir250 Firmware Version <= 2.8.1.1
   Aliasrobotics Mir250 Version -
Aliasrobotics Mir500 Firmware Version <= 2.8.1.1
   Aliasrobotics Mir500 Version -
Aliasrobotics Mir1000 Firmware Version <= 2.8.1.1
   Aliasrobotics Mir1000 Version -
Enabled-robotics Er-lite Firmware Version <= 2.8.1.1
   Enabled-robotics Er-lite Version -
Enabled-robotics Er-flex Firmware Version <= 2.8.1.1
   Enabled-robotics Er-flex Version -
Enabled-robotics Er-one Firmware Version <= 2.8.1.1
   Enabled-robotics Er-one Version -
Uvd-robots Uvd Robots Firmware Version <= 2.8.1.1
   Uvd-robots Uvd Robots Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.31% 0.507
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9 AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@aliasrobotics.com 9.8 3.9 5.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.