CVE-2020-10270
published 2020-06-24CVE-2020-10270: Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.66%
73.6th percentile
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aliasrobotics | mir1000_firmware | <= 2.8.1.1 | — |
| aliasrobotics | mir100_firmware | <= 2.8.1.1 | — |
| aliasrobotics | mir200_firmware | <= 2.8.1.1 | — |
| aliasrobotics | mir250_firmware | <= 2.8.1.1 | — |
| aliasrobotics | mir500_firmware | <= 2.8.1.1 | — |
| enabled-robotics | er-flex_firmware | <= 2.8.1.1 | — |
| enabled-robotics | er-lite_firmware | <= 2.8.1.1 | — |
| enabled-robotics | er-one_firmware | <= 2.8.1.1 | — |
| mobile-industrial-robotics | er200_firmware | <= 2.8.1.1 | — |
| mobile-industrial-robots | mir100_firmware | <= 2.8.1.1 | — |
| mobile_industrial_robots_a | s_mir100 | — | — |
| uvd-robots | uvd_robots_firmware | <= 2.8.1.1 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3vvj-p2p8-pchq: Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on
ghsa_unreviewed·2022-05-24
CVE-2020-10270 [MEDIUM] GHSA-3vvj-p2p8-pchq: Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendo
GHSA
GHSA-8839-62pg-36q3: The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2020-10274 [CRITICAL] CWE-330 GHSA-8839-62pg-36q3: The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
No detection rules found.
No public exploits indexed.
2020-06-24
Published