CVE-2020-16169

Опубликовано: 07 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors.

Ссылки

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:robotemi:robox_os:*:*:*:*:*:*:*:*

Версия от 117.21 (включая) до 119.24 (включая)

EPSS

Процентиль: 66%

0.00523

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-f84c-pj2g-x4f3

github

больше 3 лет назад

Temi Robox OS 117.21 through 119.24 allows Authentication Bypass via an Alternate Path or Channel.