HIGH🇵🇱 Wersja polska

CVE-2020-10274

CVSS 7.1v3.1pub. 2020-06-24upd. 2024-11-21

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  • Easyrobotics Er200

    HW
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er200 Firmware

    OS
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er Flex

    HW
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er Flex Firmware

    OS
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er Lite

    HW
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er Lite Firmware

    OS
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er One

    HW
    Easyrobotics
    wszystkie wersje
  • Easyrobotics Er One Firmware

    OS
    Easyrobotics
    wszystkie wersje
  • Mobile Industrial Robots Mir100

    HW
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir1000

    HW
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir1000 Firmware

    OS
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir100 Firmware

    OS
    Mobile-Industrial-Robots
    ≤ 2.8.1.1
  • Mobile Industrial Robots Mir200

    HW
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir200 Firmware

    OS
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir250

    HW
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir250 Firmware

    OS
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir500

    HW
    Mobile-Industrial-Robots
    wszystkie wersje
  • Mobile Industrial Robots Mir500 Firmware

    OS
    Mobile-Industrial-Robots
    wszystkie wersje
  • Uvd Robots Uvd

    HW
    Uvd-Robots
    wszystkie wersje
  • Uvd Robots Uvd Firmware

    OS
    Uvd-Robots
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-10275CRITICAL9.8ten sam produkt

The access tokens for the REST API are directly derived from the publicly available default credentials for th...

CVE-2020-10276CRITICAL9.8ten sam produkt

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipul...

CVE-2020-10280HIGH7.5ten sam produkt

The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP he...

CVE-2020-10277MEDIUM6.4ten sam produkt

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extrac...

CVE-2020-10269CRITICAL9.8ten sam vendor

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet ve...