CVE-2020-10284— RVD#3321: No Authentication required to exert manual control of the robot
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-10284
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RVD#3321: No Authentication required to exert manual control of the robot
Source: NVD (National Vulnerability Database)
Vulnerability Description
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
依赖构建于封闭的安全性
Source: NVD (National Vulnerability Database)
Vulnerability Title
xarm_studio 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
xarm_studio 1.3.0版本中存在安全漏洞。攻击者可利用该漏洞无需身份验证即可控制网络内部的机器人。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| uFactory | xArm5 Lite, xArm 6 and xArm 7 | v1.5.0 and before | - |
II. Public POCs for CVE-2020-10284
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-10284
请登录查看更多情报信息。
- https://www.ufactory.cc/#/en/support/download/xarmx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-10284
Same Patch Batch · uFactory · 2020-07-15 · 3 CVEs total
| CVE-2020-10285 | RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force a | |
| CVE-2020-10286 | RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration |
IV. Related Vulnerabilities
Same weakness: CWE-656
- CVE-2026-7161
GeoVision GV-IP Device Utility Device Authentication insuffi - CVE-2026-42363
GeoVision GV-IP Device Utility Device Authentication insuffi - CVE-2025-59093
Insecure Password Derivation Function for Database Administr - CVE-2025-7020
BYD DiLink OS Incorrect encryption Implementation of system - CVE-2024-12297
Frontend Authorization Logic Disclosure Vulnerability
V. Comments for CVE-2020-10284
No comments yet