Vulnerability Details : CVE-2020-16167
Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors.
Products affected by CVE-2020-16167
- cpe:2.3:o:robotemi:launcher_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-16167
1.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-16167
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST | |
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.9
|
5.2
|
NIST |
CWE ids for CVE-2020-16167
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-16167
-
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Call an Exorcist! My Robot’s Possessed! | McAfee BlogsExploit;Third Party Advisory
-
https://www.robotemi.com/software-updates/
Software Updates - temi robotVendor Advisory
Jump to