VYPR

CLOCK

by VOBOT

CVEs (3)

  • CVE-2018-6825CriFeb 9, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access.

  • CVE-2018-6827HigFeb 9, 2018
    risk 0.53cvss 8.1epss 0.01

    VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a…

  • CVE-2018-6826HigFeb 9, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a…