CVE-2020-10274

Published Jun 24, 2020

Last updated 3 years ago

CVSS high 7.1

Overview

Description: The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
Source: cve@aliasrobotics.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-330
cve@aliasrobotics.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C1ED80A-1AE1-4868-AD13-F37079F69B60",
            "versionEndIncluding": "2.8.1.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mobile-industrial-robots:mir100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "11F1060F-0F43-4920-A05D-593E784B1A0B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E52858B-51DE-44BC-A4BB-D199F1281D72"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mobile-industrial-robots:mir200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B0F7F08-D5D5-4DA8-B2B2-5EA2997AEE3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F19DD45-1C6E-498C-A961-5EDB4823B12C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mobile-industrial-robots:mir250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "44C6FCBE-E111-419E-8F8D-2F4702D821BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C63DB5B-961D-4FDD-AB12-01DC24AFC0B9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E2BC5C9E-1AF3-4009-844E-6E64E4D766A8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "171A2B04-114B-4C5F-9F2C-515A1E37F300"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mobile-industrial-robots:mir1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C86EB588-CD48-456B-90C6-C482636508AE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:easyrobotics:er200_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42AB077F-A829-4A9F-8AFF-CBC9222EAE55"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:easyrobotics:er200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C275F303-4494-4C06-95CC-8969E01F8ADA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:easyrobotics:er-lite_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68599AB3-679D-4E86-B8F4-7939A0373EA2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:easyrobotics:er-lite:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "53543812-4D0D-4191-8B21-803D2F9790B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:easyrobotics:er-flex_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1252DDB6-D090-499B-B505-E17625DB88AC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:easyrobotics:er-flex:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D84C826-05A4-44A6-BD12-77805A993A5D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:easyrobotics:er-one_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29230027-8A11-48CA-A4E5-63953EB7CAE3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:easyrobotics:er-one:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C7FFA6B9-1A77-4C25-8120-6844B8700527"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:uvd-robots:uvd_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C870ABF-C324-442E-9738-025397CB3C47"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:uvd-robots:uvd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87684074-A107-4FE3-A840-C5CB3B8025AC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References