CVE-2020-10278— RVD#2561: Unprotected BIOS allows user to boot from live OS image.

EPSS 0.22% · P45 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-10278

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

RVD#2561: Unprotected BIOS allows user to boot from live OS image.

Source: NVD (National Vulnerability Database)

Vulnerability Description

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

访问控制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mobile Industrial Robots MiR100 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人，可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100 存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。以下产品及版本受到影响：使用2.8.1.1及之前版本固件的Alias Robotics MiR100；使用2.8.1.1及之前版本固件的Alias Robotics MiR200；使用2.8.1.1及之前版本固件

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Mobile Industrial Robots A/S	MiR100	v2.8.1.1 and before	-

II. Public POCs for CVE-2020-10278

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-10278

请登录查看更多情报信息。

https://github.com/aliasrobotics/RVD/issues/2561x_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2020-10278

Same Patch Batch · Mobile Industrial Robots A/S · 2020-06-24 · 12 CVEs total

CVE-2020-10269		RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point
CVE-2020-10270		RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
CVE-2020-10271		RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poor
CVE-2020-10272		RVD#2554: MiR ROS computational graph presents no authentication mechanisms
CVE-2020-10273		RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers
CVE-2020-10274		RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor
CVE-2020-10275		RVD#2565: Weak token generation for the REST API.
CVE-2020-10276		RVD#2558: Default credentials on SICK PLC allows disabling safety features
CVE-2020-10277		RVD#2562: Booting from a live image leads to exfiltration of sensible information and priv
CVE-2020-10279		RVD#2569: Insecure operating system defaults in MiR robots
CVE-2020-10280		RVD#2568: Apache server is vulnerable to a DoS

IV. Related Vulnerabilities

Same product: MiR100

Same vendor: Mobile Industrial Robots A/S

Same weakness: CWE-284

V. Comments for CVE-2020-10278

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-10278— RVD#2561: Unprotected BIOS allows user to boot from live OS image.

I. Basic Information for CVE-2020-10278

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-10278

III. Intelligence Information for CVE-2020-10278

Same Patch Batch · Mobile Industrial Robots A/S · 2020-06-24 · 12 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-10278

Leave a comment