Vulnerability Description
The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mobile-Industrial-Robots | Mir100 Firmware | <= 2.8.1.1 |
| Mobile-Industrial-Robots | Mir100 | - |
| Mobile-Industrial-Robots | Mir200 Firmware | - |
| Mobile-Industrial-Robots | Mir200 | - |
| Mobile-Industrial-Robots | Mir250 Firmware | - |
| Mobile-Industrial-Robots | Mir250 | - |
| Mobile-Industrial-Robots | Mir500 Firmware | - |
| Mobile-Industrial-Robots | Mir500 | - |
| Mobile-Industrial-Robots | Mir1000 Firmware | - |
| Mobile-Industrial-Robots | Mir1000 | - |
| Easyrobotics | Er200 Firmware | - |
| Easyrobotics | Er200 | - |
| Easyrobotics | Er-Lite Firmware | - |
| Easyrobotics | Er-Lite | - |
| Easyrobotics | Er-Flex Firmware | - |
| Easyrobotics | Er-Flex | - |
| Easyrobotics | Er-One Firmware | - |
| Easyrobotics | Er-One | - |
| Uvd-Robots | Uvd Firmware | - |
| Uvd-Robots | Uvd | - |
Related Weaknesses (CWE)
References
- https://github.com/aliasrobotics/RVD/issues/2568Third Party Advisory
- https://github.com/aliasrobotics/RVD/issues/2568Third Party Advisory
FAQ
What is CVE-2020-10280?
CVE-2020-10280 is a vulnerability with a CVSS score of 7.5 (HIGH). The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard.
How severe is CVE-2020-10280?
CVE-2020-10280 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10280?
Check the references section above for vendor advisories and patch information. Affected products include: Mobile-Industrial-Robots Mir100 Firmware, Mobile-Industrial-Robots Mir100, Mobile-Industrial-Robots Mir200 Firmware, Mobile-Industrial-Robots Mir200, Mobile-Industrial-Robots Mir250 Firmware.