Ufactory: >> Xarm 5 Lite Firmware >> 1.5.0 Security Vulnerabilities
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
CVSS Score
9.4
EPSS Score
0.002
Published
2020-07-15
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
CVSS Score
9.4
EPSS Score
0.004
Published
2020-07-15