7.1
CVE-2020-10274
- EPSS 0.28%
- Published 24.06.2020 05:15:13
- Last modified 21.11.2024 04:55:06
- Source cve@aliasrobotics.com
- Teams watchlist Login
- Open Login
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
Data is provided by the National Vulnerability Database (NVD)
Mobile-industrial-robots ≫ Mir100 Firmware Version <= 2.8.1.1
Mobile-industrial-robots ≫ Mir200 Firmware Version-
Mobile-industrial-robots ≫ Mir250 Firmware Version-
Mobile-industrial-robots ≫ Mir500 Firmware Version-
Mobile-industrial-robots ≫ Mir1000 Firmware Version-
Easyrobotics ≫ Er200 Firmware Version-
Easyrobotics ≫ Er-lite Firmware Version-
Easyrobotics ≫ Er-flex Firmware Version-
Easyrobotics ≫ Er-one Firmware Version-
Uvd-robots ≫ Uvd Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.483 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
| cve@aliasrobotics.com | 7.1 | 2.8 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.