Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.
References
Link | Resource |
---|---|
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/ | Third Party Advisory |
https://www.robotemi.com/software-updates/ | Vendor Advisory |
Configurations
Information
Published : 2020-08-11 13:15
Updated : 2020-09-02 12:15
NVD link : CVE-2020-16170
Mitre link : CVE-2020-16170
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
robotemi
- temi