Vgo Firmware
CVE-2018-8866
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.
AnalysisAI
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection. Affected products include: Vecna Vgo Firmware. Version information: prior to 3.0.3.52164.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Vgo Firmware
View allIf an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated critical sever
VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated medium severity (CVSS 6
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjace
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today