CVE-2020-16170

Опубликовано: 11 авг. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.

Ссылки

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Exploit
Third Party Advisory
https://www.robotemi.com/software-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:robotemi:temi:*:*:*:*:*:android:*:*

Версия от 1.3.3 (включая) до 1.3.7931 (включая)

EPSS

Процентиль: 70%

0.00655

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-95v9-45f9-x3wp