Skip to main content

Xarm 5 Lite Firmware

2 CVEs product

Monthly

CVE-2020-10286 HIGH This Week

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware Xarm 6 Firmware Xarm 7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-10285 CRITICAL Act Now

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 8.8
HIGH This Week

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware Xarm 6 Firmware +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy