Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-10269— RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point

EPSS 0.30% · P54
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-10269

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point
Source: NVD (National Vulnerability Database)
Vulnerability Description
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mobile Industrial Robots MiR100信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100 存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Alias Robotics MiR100;使用2.8.1.1及之前版本固件的Alias Robo
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Mobile Industrial Robots A/SMiR100 v2.8.1.1 and before -

II. Public POCs for CVE-2020-10269

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-10269

登录查看更多情报信息。

Same Patch Batch · Mobile Industrial Robots A/S · 2020-06-24 · 12 CVEs total

CVE-2020-10270RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
CVE-2020-10271RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poor
CVE-2020-10272RVD#2554: MiR ROS computational graph presents no authentication mechanisms
CVE-2020-10273RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers
CVE-2020-10274RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor
CVE-2020-10275RVD#2565: Weak token generation for the REST API.
CVE-2020-10276RVD#2558: Default credentials on SICK PLC allows disabling safety features
CVE-2020-10277RVD#2562: Booting from a live image leads to exfiltration of sensible information and priv
CVE-2020-10278RVD#2561: Unprotected BIOS allows user to boot from live OS image.
CVE-2020-10279RVD#2569: Insecure operating system defaults in MiR robots
CVE-2020-10280RVD#2568: Apache server is vulnerable to a DoS

IV. Related Vulnerabilities

Same product: MiR100
Same vendor: Mobile Industrial Robots A/S
Same weakness: CWE-798

V. Comments for CVE-2020-10269

No comments yet

Leave a comment