Filtered by CWE-656
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-10277 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots 20 Er-flex, Er-flex Firmware, Er-lite and 17 more 2024-09-17 6.4 Medium
There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.
CVE-2020-10286 1 Ufactory 6 Xarm 5 Lite, Xarm 5 Lite Firmware, Xarm 6 and 3 more 2024-09-17 8.8 High
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
CVE-2020-10284 1 Ufactory 1 Xarm Studio 2024-09-16 9.1 Critical
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
CVE-2024-5244 2024-08-01 N/A
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.