aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#35: Pepper's head plastic lid can be easily removed to access the LAN port #35

Closed aliasbot closed 4 years ago

aliasbot commented 6 years ago
{
    "id": 35,
    "title": "RVD#35: Pepper's head plastic lid can be easily removed to access the LAN port",
    "type": "vulnerability",
    "description": "Pepper's head plastic lid can be easily removed to access the LAN port. Port allows access to robot network services. Access to robot's network services can be achieved through these ports. Connecting an Ethernet cable allows sending commands/messages to robot services that are available through this interface. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Command Injection - Generic (CWE-77)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Pepper",
        "severity: high",
        "state: new",
        "vendor: SoftBank Robotics",
        "vulnerability"
    ],
    "system": "Pepper",
    "vendor": "SoftBank Robotics",
    "severity": {
        "rvss-score": "8.4",
        "rvss-vector": "RVSS:1.0/AV:PP/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
        "severity-description": "high",
        "cvss-score": 4.2,
        "cvss-vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/35"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-03-01",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/35",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}
github-actions[bot] commented 5 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

glerapic commented 4 years ago

A special tool shaped like a two-pronged key is required to remove the plastic lid in a non-invasive way. The claim about the Ethernet port is sustained, but since the underlying reason for this ticket is the ease of head lid removal, I do not deem this valid. Closing this.

source: https://community.ald.softbankrobotics.com/ja/node/2238