VYPR

SmartRobot

by Intumit

CVEs (4)

  • CVE-2024-2413CriMar 13, 2024
    risk 0.64cvss 9.8epss 0.01

    Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and…

  • CVE-2024-0552CriJan 15, 2024
    risk 0.64cvss 9.8epss 0.01

    Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.

  • CVE-2025-3572HigApr 14, 2025
    risk 0.49cvss 7.5epss 0.00

    SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.

  • CVE-2024-8776MedSep 16, 2024
    risk 0.40cvss 6.1epss 0.00

    SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.