Ufactory: >> Xarm 5 Lite Firmware Security Vulnerabilities
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
CVSS Score
9.4
EPSS Score
0.002
Published
2020-07-15
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
CVSS Score
9.4
EPSS Score
0.004
Published
2020-07-15