Skip to main content

Mir1000 Firmware

12 CVEs product

Monthly

CVE-2020-10280 HIGH This Week

The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10279 CRITICAL Act Now

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Privilege Escalation Mir100 Firmware Mir200 Firmware +8
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-10278 MEDIUM This Month

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
4.6
EPSS
1.0%
CVE-2020-10277 MEDIUM This Month

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-10276 CRITICAL Act Now

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10275 CRITICAL Act Now

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-10274 HIGH This Week

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-10273 HIGH This Week

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-10272 CRITICAL POC Act Now

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-10271 CRITICAL POC Act Now

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-10270 CRITICAL POC Act Now

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-10269 CRITICAL Act Now

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
EPSS 1% CVSS 7.5
HIGH This Week

The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Mir100 Firmware +9
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Privilege Escalation +10
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM This Month

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 1% CVSS 7.1
HIGH This Week

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware +8
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware +8
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy