VYPR
Vendor

Ufactory

Products
3
CVEs
3
Across products
4
Status
Private

Products

3

Recent CVEs

3
  • CVE-2020-10285CriJul 15, 2020
    risk 0.64cvss 9.8epss 0.01

    The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.

  • CVE-2020-10284CriJul 15, 2020
    risk 0.59cvss 9.1epss 0.01

    No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by…

  • CVE-2020-10286HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.01

    the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.