RVD#37: Insecure Storage Exposing

[aliasbot]

{
    "id": 37,
    "title": "RVD#37: Insecure Storage Exposing",
    "type": "vulnerability",
    "description": "Exposing unencrypted storage cards such as SD Cards could allow attackers to change robot actions or any other downloadable content that is stored on this card.The android application from UBTech Alpha 2 does not remove the QR code generated from the SDCard once generated during the first robot pairing. This code contains the WiFi password that is configured on the robot.The SD card contains the pairing QR code with the robot's Wi-Fi password in plaintext. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Plaintext Storage of a Password (CWE-256)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Alpha 2",
        "severity: high",
        "state: new",
        "vendor: UBTech Robotics",
        "vulnerability"
    ],
    "system": "Alpha 2",
    "vendor": "UBTech Robotics",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:PP/AC:L/PR:N/UI:R/Y:T/S:C/C:L/I:L/A:N/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/37"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-03-01",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/37",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Robot or Robot component not present in summary table or invalid, see for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.