Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RVD#2565: Weak token generation for the REST API.
Vulnerability Description
The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data.
CVSS Information
N/A
Vulnerability Type
口令使用弱密码学算法
Vulnerability Title
Mobile Industrial Robots MiR100 加密问题漏洞
Vulnerability Description
Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100 存在加密问题漏洞。攻击者可借助默认凭据利用该漏洞计算出令牌并与REST API进行交互。以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Mobile Industrial Robots MiR100;Mobile Industrial Robots MiR200;Mobile In
CVSS Information
N/A
Vulnerability Type
N/A