Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps)
Vulnerability Description
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Mobile Industrial Robots MiR100 安全特征问题漏洞
Vulnerability Description
Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100存在安全特征问题漏洞。攻击者可利用该漏洞(以及CNNVD-202006-1665)连接到机器人网络,获取全部存储的数据以及机器人数据库中的相关元数据。以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Mobile Industrial Robots MiR100;Mobile Indu
CVSS Information
N/A
Vulnerability Type
N/A