FKIE_CVE-2020-10269
Vulnerability from fkie_nvd - Published: 2020-06-24 05:15 - Updated: 2024-11-21 04:55
Severity ?
Summary
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.
References
| URL | Tags | ||
|---|---|---|---|
| cve@aliasrobotics.com | https://github.com/aliasrobotics/RVD/issues/2566 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aliasrobotics/RVD/issues/2566 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0989373-02AB-4E05-BAC2-0522A641D73A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E261B1-C56F-4428-9D53-5BBCCACEAFCF",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "877EEDC4-E86F-420D-81C6-3F632C787003",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1AE2A0-D83D-441B-856B-7E6FAB065C0D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335CA5FE-5AFD-4D49-9A88-1CD71C9281BE",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F57611E0-5CB2-40FD-8420-ED13A1C4863F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6865A559-8CA9-4F51-AC43-35BDF5201B91",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04043B16-E401-4D2C-9812-71923CEA2716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A47E5E-7754-47EA-B02D-8A7F54124ED4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "472A560B-547D-4C9F-BE86-ED602FA32799",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5528AFD-75DF-4296-9A29-4BD00AB76273",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654488E4-161E-40B5-9E0B-BE68F5F38E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6E62F4-9C15-49AA-BFB7-81443D40B9B9",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB77317-78C0-4800-8E1D-498979B6CB06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7452D74-36A5-4C87-AA20-8E9A80724EAA",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ACEB-1184-47AB-86E4-732DA183E8AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000."
},
{
"lang": "es",
"value": "Una de las interfaces inal\u00e1mbricas dentro de MiR100, MiR200 y posiblemente (seg\u00fan el proveedor) otros veh\u00edculos de MiR fleet viene preconfigurada en modo WiFi Master (Punto de Acceso). Las credenciales de dicho Punto de Acceso inal\u00e1mbrico presenta por defecto un SSID bien conocido y ampliamente difundido (MiR_RXXXX) y contrase\u00f1as (omitidas). Esta informaci\u00f3n tambi\u00e9n est\u00e1 disponible en Gu\u00edas de Usuario y manuales anteriores que el proveedor ha distribuido. Hemos confirmado este fallo en MiR100 y MiR200 pero tambi\u00e9n podr\u00eda aplicarse a MiR250, MiR500 y MiR1000"
}
],
"id": "CVE-2020-10269",
"lastModified": "2024-11-21T04:55:06.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve@aliasrobotics.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-24T05:15:12.647",
"references": [
{
"source": "cve@aliasrobotics.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2566"
}
],
"sourceIdentifier": "cve@aliasrobotics.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cve@aliasrobotics.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…