Open
Description
{
"id": 37,
"title": "RVD#37: Insecure Storage Exposing",
"type": "vulnerability",
"description": "Exposing unencrypted storage cards such as SD Cards could allow attackers to change robot actions or any other downloadable content that is stored on this card.The android application from UBTech Alpha 2 does not remove the QR code generated from the SDCard once generated during the first robot pairing. This code contains the WiFi password that is configured on the robot.The SD card contains the pairing QR code with the robot's Wi-Fi password in plaintext. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Plaintext Storage of a Password (CWE-256)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Alpha 2",
"severity: high",
"state: new",
"vendor: UBTech Robotics",
"vulnerability"
],
"system": "Alpha 2",
"vendor": "UBTech Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:PP/AC:L/PR:N/UI:R/Y:T/S:C/C:L/I:L/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/37"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/37",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}