CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 4:25 p.m.•3 views

CVE-2020-16169

Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified...

9.8CVSS7.4AI score0.00523EPSS

RedhatCVE•added 2025/05/22 4:25 p.m.•6 views

CVE-2020-16168

Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors...

6.5CVSS7AI score0.00145EPSS

RedhatCVE•added 2025/05/22 3:15 p.m.•3 views

CVE-2020-16170

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors...

7.5CVSS7AI score0.0041EPSS

NVD•added 2020/08/11 8:15 p.m.•9 views

CVE-2020-16170

7.5CVSS7.4AI score0.0041EPSS

Prion•added 2020/08/11 8:15 p.m.•16 views

Hardcoded credentials

5CVSS7.4AI score0.0041EPSS

CVE•added 2020/08/11 7:16 p.m.•57 views

CVE-2020-16170

CVE-2020-16170,CVSS 8.2, arises from hard-coded Agora App ID in temi RoboX/phone apps, enabling brute-force joining of any ongoing tema calls by iterating channel IDs (six-digit session IDs). Root cause: App ID embedded in client code; lack of token protection for channel. Exploitation demonstrat...

7.5CVSS7.3AI score0.0041EPSS

Cvelist•added 2020/08/11 7:16 p.m.•14 views

CVE-2020-16170

7.4AI score0.0041EPSS

Positive Technologies•added 2020/08/11 12:0 a.m.•2 views

PT-2020-14791 · Temi · Temi Robox Os +1

Name of the Vulnerable Software and Affected Versions: temi Robox OS versions prior to 120 temi Android app versions up to 1.3.7931 Description: The issue allows remote attackers to listen in on ongoing calls between temi robots and their users if they can brute-force or guess a six-digit value...

7.5CVSS7.4AI score0.0041EPSS

Exploits1References3

NVD•added 2020/08/07 8:15 p.m.•7 views

CVE-2020-16169

9.8CVSS9.4AI score0.00523EPSS

OSV•added 2020/08/07 8:15 p.m.•1 views

CVE-2020-16167

9.1CVSS7.3AI score

Exploits0References2

Cvelist•added 2020/08/07 7:25 p.m.•9 views

CVE-2020-16167

9.1AI score0.00494EPSS

CVE•added 2020/08/07 7:25 p.m.•54 views

CVE-2020-16167

CVE-2020-16167, CVE-2020-16168 and CVE-2020-16169 pertain to temi robot’s IoT stack. The Connected documents confirm: (1) Missing Authentication for Critical Functions allowed publishing/subscribing to MQTT topics and inter-app privilege escalation (CVE-16167) enabling an attacker to subscribe to...

9.1CVSS8.9AI score0.00494EPSS

Cvelist•added 2020/08/07 7:22 p.m.•11 views

CVE-2020-16169

9.5AI score0.00523EPSS

CVE•added 2020/08/07 7:22 p.m.•58 views

CVE-2020-16169

CVE-2020-16169 (temi robot) enables an authentication bypass to gain OWNER privileges and remotely control temi via MQTT-based privilege management, as shown by attackers spoofing admin actions and abusing cloud/REST pathways. The accompanying connected analysis details two additional flaws: CVE-...

9.8CVSS9.3AI score0.00523EPSS