The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
24/06/2020
by Mobile-Industrial-Robots
3 years ago
by Mobile-Industrial-Robots
3 years ago
by Mobile-Industrial-Robots
3 years ago
by Mobile-Industrial-Robots
3 years ago
by Mobile-Industrial-Robots
3 years ago
by Easyrobotics
3 years ago
by Easyrobotics
3 years ago
by Easyrobotics
3 years ago
by Easyrobotics
3 years ago
by Uvd-Robots
3 years ago