CVE-2020-10269 — CRITICAL (9.8)

Q: How severe is CVE-2020-10269?

CVE-2020-10269 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-10269?

Check the references section above for vendor advisories and patch information. Affected products include: Aliasrobotics Mir100 Firmware, Aliasrobotics Mir100, Aliasrobotics Mir200 Firmware, Aliasrobotics Mir200, Aliasrobotics Mir250 Firmware.

Vulnerability Description

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aliasrobotics	Mir100 Firmware	<= 2.8.1.1
Aliasrobotics	Mir100	-
Aliasrobotics	Mir200 Firmware	<= 2.8.1.1
Aliasrobotics	Mir200	-
Aliasrobotics	Mir250 Firmware	<= 2.8.1.1
Aliasrobotics	Mir250	-
Aliasrobotics	Mir500 Firmware	<= 2.8.1.1
Aliasrobotics	Mir500	-
Aliasrobotics	Mir1000 Firmware	<= 2.8.1.1
Aliasrobotics	Mir1000	-
Mobile-Industrial-Robotics	Er200 Firmware	<= 2.8.1.1
Mobile-Industrial-Robotics	Er200	-
Enabled-Robotics	Er-Lite Firmware	<= 2.8.1.1
Enabled-Robotics	Er-Lite	-
Enabled-Robotics	Er-Flex Firmware	<= 2.8.1.1
Enabled-Robotics	Er-Flex	-
Enabled-Robotics	Er-One Firmware	<= 2.8.1.1
Enabled-Robotics	Er-One	-
Uvd-Robots	Uvd Robots Firmware	<= 2.8.1.1
Uvd-Robots	Uvd Robots	-

Related Weaknesses (CWE)

CWE-798

References

https://github.com/aliasrobotics/RVD/issues/2566Third Party Advisory
https://github.com/aliasrobotics/RVD/issues/2566Third Party Advisory

FAQ

What is CVE-2020-10269?

CVE-2020-10269 is a vulnerability with a CVSS score of 9.8 (CRITICAL). One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wirele...

How severe is CVE-2020-10269?

CVE-2020-10269 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-10269?

Check the references section above for vendor advisories and patch information. Affected products include: Aliasrobotics Mir100 Firmware, Aliasrobotics Mir100, Aliasrobotics Mir200 Firmware, Aliasrobotics Mir200, Aliasrobotics Mir250 Firmware.