CVE-2020-16167

Опубликовано: 07 авг. 2020

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors.

Ссылки

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:robotemi:launcher_os:*:*:*:*:*:*:*:*

Версия от 11969 (включая) до 13146 (включая)

EPSS

Процентиль: 65%

0.00494

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-qp4w-65rx-2h9g

github

больше 3 лет назад

Temi Launcher OS 11969 through 13146 has Missing Authentication for a Critical Function.