aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#69: Information exposure of Rovio and Spykee #69

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago
{
    "id": 69,
    "title": "RVD#69: Information exposure of Rovio and Spykee",
    "type": "vulnerability",
    "description": "The SSIDs advertised by the robots are distinctive. If the robots are connected to the home network, the robots' MAC addresses also leak information about their presence to wireless attackers, even if the network is encrypted using WEP, WPA or WPA2. A remote attacker can also determine the presence of a Rovio or a Spykee by actively probing the robot's home network. A query to port 80 offers distinctive results. It will be detected by its response to remote control requests on TCP port 9001. \r\n Credits to: Tamara Denning, Cynthia Matuszek, Karl Koscher, Joshua R. Smith, and Tadayoshi Kohno",
    "cwe": "CWE-Information Disclosure (CWE-200)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Rovio",
        "robot: Spykee",
        "severity: critical",
        "state: new",
        "vendor: WowWee",
        "vulnerability"
    ],
    "system": "Rovio",
    "vendor": "WowWee",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:M/S:U/C:H/I:N/A:N/H:N",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/69"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2009-09-30",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2009-09-30",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/69",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}
github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, request the removal of the malformed label to trigger another automatic review.
