RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point
CVE-2020-10269

9.8CRITICAL

Key Information:

Vendor: Mobile Industrial Robots A/s
Status: Mir100
Vendor: CVE Published:; 24 June 2020

🔔 Create Mobile Industrial Robots A/s Vulnerability Alert

What is CVE-2020-10269?

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MiR100 v2.8.1.1 and before

References

https://github.com/aliasrobotics/RVD/issues/2566

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2020
Vulnerability Reserved
Mar 10, 2020

Credit

Bernhard Dieber (Joanneum Research), Alias Robotics (https://aliasrobotics.com/)

JSON

Mobile Industrial Robots A/s

What is CVE-2020-10269?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.