Lucene search

[email protected]NVD:CVE-2020-16170

HistoryAug 11, 2020 - 8:15 p.m.

CVE-2020-16170

2020-08-1120:15:13

CWE-798

[email protected]

web.nvd.nist.gov

hard-coded credentials

temi robox os

android app

remote attackers

eavesdropping

brute-force.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.023

Percentile

89.8%

JSON

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.

Affected configurations

Nvd

Node

robotemitemiRange1.3.3–1.3.7931android

VendorProductVersionCPE
robotemitemi*cpe:2.3:a:robotemi:temi:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
robotemi	temi	*	cpe:2.3:a:robotemi:temi::::::android::*

References

www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/

www.robotemi.com/software-updates/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.023

Percentile

89.8%

JSON

Related for NVD:CVE-2020-16170

cvelist1 cve1 prion1 trellix2