Skip to main content

Smartrobot

5 CVEs product

Monthly

CVE-2025-3572 HIGH This Week

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartrobot Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-12652 CRITICAL Act Now

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Smartrobot
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-8776 MEDIUM This Month

SmartRobot by INTUMIT contains a reflected cross-site scripting (XSS) vulnerability in an insufficiently validated page parameter that allows unauthenticated remote attackers to inject malicious JavaScript code. An attacker can craft a malicious URL and trick users into clicking it, enabling session hijacking, credential theft, or malware distribution. With a CVSS score of 6.1 and EPSS score of 0.18% (39th percentile), the vulnerability is of moderate severity with relatively low current exploitation probability, though the low attack complexity and lack of authentication requirements make it practically exploitable.

XSS Smartrobot
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-2413 CRITICAL Act Now

A critical authentication bypass vulnerability exists in Intumit SmartRobot due to the use of a hard-coded encryption key. Remote unauthenticated attackers can leverage this fixed key to forge authentication tokens by encrypting user credentials and timestamps, gaining full administrative access to the system. Once authenticated, attackers can execute arbitrary code on the server through built-in system functionality, achieving complete system compromise.

RCE Smartrobot
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-0552 CRITICAL Act Now

A remote code execution vulnerability exists in Intumit SmartRobot's web framework that allows unauthenticated attackers to execute arbitrary commands on the server without any user interaction. The vulnerability carries a critical CVSS score of 9.8 and is tagged as an RCE, though there is no indication of active exploitation in the wild (not in KEV) or public proof-of-concept availability. The Taiwan CERT has issued an advisory for this vulnerability affecting all versions of the SmartRobot platform.

RCE Command Injection Smartrobot
NVD
CVSS 3.1
9.8
EPSS
0.8%
EPSS 0% CVSS 7.5
HIGH This Week

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartrobot Red Hat
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Smartrobot
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SmartRobot by INTUMIT contains a reflected cross-site scripting (XSS) vulnerability in an insufficiently validated page parameter that allows unauthenticated remote attackers to inject malicious JavaScript code. An attacker can craft a malicious URL and trick users into clicking it, enabling session hijacking, credential theft, or malware distribution. With a CVSS score of 6.1 and EPSS score of 0.18% (39th percentile), the vulnerability is of moderate severity with relatively low current exploitation probability, though the low attack complexity and lack of authentication requirements make it practically exploitable.

XSS Smartrobot
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A critical authentication bypass vulnerability exists in Intumit SmartRobot due to the use of a hard-coded encryption key. Remote unauthenticated attackers can leverage this fixed key to forge authentication tokens by encrypting user credentials and timestamps, gaining full administrative access to the system. Once authenticated, attackers can execute arbitrary code on the server through built-in system functionality, achieving complete system compromise.

RCE Smartrobot
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A remote code execution vulnerability exists in Intumit SmartRobot's web framework that allows unauthenticated attackers to execute arbitrary commands on the server without any user interaction. The vulnerability carries a critical CVSS score of 9.8 and is tagged as an RCE, though there is no indication of active exploitation in the wild (not in KEV) or public proof-of-concept availability. The Taiwan CERT has issued an advisory for this vulnerability affecting all versions of the SmartRobot platform.

RCE Command Injection Smartrobot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy