CVE-2020-16168

Опубликовано: 07 авг. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors.

Ссылки

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:robotemi:temi_firmware:*:*:*:*:*:*:*:*

Версия до 1.3.7931 (исключая)

cpe:2.3:h:robotemi:temi:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-346

Связанные уязвимости

GHSA-xwx9-xrv6-2fwc