CVE-2020-10274 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-10274

Analyzed

More Info Official Page

Source-cve@aliasrobotics.com

Published At-24 Jun, 2020 | 05:15

Updated At-14 Sep, 2021 | 17:19

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Secondary	3.0	7.1	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Primary	2.0	5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N

Type: Primary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Type: Secondary

Version: 3.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Type: Primary

Version: 2.0

Base score: 5.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:N

CPE Matches

mobile-industrial-robots>>mir100_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*:*:*:*:*:*:*:*

mobile-industrial-robots>>mir100>>-

cpe:2.3:h:mobile-industrial-robots:mir100:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir200_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir200>>-

cpe:2.3:h:mobile-industrial-robots:mir200:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir250_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir250>>-

cpe:2.3:h:mobile-industrial-robots:mir250:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir500_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir500>>-

cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir1000_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir1000>>-

cpe:2.3:h:mobile-industrial-robots:mir1000:-:*:*:*:*:*:*:*

easyrobotics>>er200_firmware>>-

cpe:2.3:o:easyrobotics:er200_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er200>>-

cpe:2.3:h:easyrobotics:er200:-:*:*:*:*:*:*:*

easyrobotics>>er-lite_firmware>>-

cpe:2.3:o:easyrobotics:er-lite_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er-lite>>-

cpe:2.3:h:easyrobotics:er-lite:-:*:*:*:*:*:*:*

easyrobotics>>er-flex_firmware>>-

cpe:2.3:o:easyrobotics:er-flex_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er-flex>>-

cpe:2.3:h:easyrobotics:er-flex:-:*:*:*:*:*:*:*

easyrobotics>>er-one_firmware>>-

cpe:2.3:o:easyrobotics:er-one_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er-one>>-

cpe:2.3:h:easyrobotics:er-one:-:*:*:*:*:*:*:*

uvd-robots>>uvd_firmware>>-

cpe:2.3:o:uvd-robots:uvd_firmware:-:*:*:*:*:*:*:*

uvd-robots>>uvd>>-

cpe:2.3:h:uvd-robots:uvd:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-330	Primary	nvd@nist.gov
CWE-200	Secondary	cve@aliasrobotics.com

CWE ID: CWE-330

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: cve@aliasrobotics.com

References

Hyperlink	Source	Resource
https://github.com/aliasrobotics/RVD/issues/2556	cve@aliasrobotics.com	Third Party Advisory

Hyperlink: https://github.com/aliasrobotics/RVD/issues/2556

Source: cve@aliasrobotics.com

Resource:

Third Party Advisory