7.5
CVE-2023-3104
- EPSS 0.55%
- Veröffentlicht 22.11.2023 12:15:22
- Zuletzt bearbeitet 21.11.2024 08:16:27
- Quelle cve-coordination@incibe.es
- CVE-Watchlists
- Unerledigt
LoginMissing Authentication for Critical Function in Unitree Robotics A1
Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Unitree ≫ A1 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.415 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| cve-coordination@incibe.es | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1