2 matches found
CVE-2020-16170
Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors...
CVE-2020-16170
CVE-2020-16170,CVSS 8.2, arises from hard-coded Agora App ID in temi RoboX/phone apps, enabling brute-force joining of any ongoing tema calls by iterating channel IDs (six-digit session IDs). Root cause: App ID embedded in client code; lack of token protection for channel. Exploitation demonstrat...