Vulnerability Details : CVE-2020-16168
Potential exploit
Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors.
Products affected by CVE-2020-16168
- cpe:2.3:o:robotemi:temi_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-16168
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-16168
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2020-16168
-
The product does not properly verify that the source of data or communication is valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-16168
-
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Call an Exorcist! My Robot’s Possessed! | McAfee BlogsExploit;Third Party Advisory
-
https://www.robotemi.com/software-updates/
Software Updates - temi robotVendor Advisory
Jump to