What is CVE-2020-10275?

CVE-2020-10275 is a critical-severity vulnerability in Mobile Industrial Robots A/s Mir100, classified under Weak Encoding for Password. CVSS score: 9.8/10. Published 2020-06-24.

How severe is CVE-2020-10275?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Mobile Industrial Robots A/s Mir100

CVE-2020-10275

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD))…

EPSS: 0.002 (38.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mobile Industrial Robots A/s Mir100 — versions v2.8.1.1 and before

Weakness classification (CWE)

CWE-261 — Weak Encoding for Password

References

github.com/aliasrobotics/RVD/issues/2565 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-10275?: CVE-2020-10275 is a critical-severity vulnerability in Mobile Industrial Robots A/s Mir100, classified under Weak Encoding for Password. CVSS score: 9.8/10. Published 2020-06-24.
How severe is CVE-2020-10275?: Critical severity. CVSS v3 base score is 9.8 out of 10.