20 matches found
EUVD-2018-18573
Malware in sbrugna...
EUVD-2018-18572
Malware in sbrugna...
Vobot Clock Remote Code Execution Vulnerability
The Vobot Clock is a smart bedside alarm clock equipped with Amazon Alexa, Sleep Coach and Daily Routine programs. A remote code execution vulnerability exists in VOBOT CLOCK versions prior to 0.99.30. The vulnerability arises due to the use of plaintext HTTP to download the breakout program. A...
Vobot Clock Information Disclosure Vulnerability
The Vobot Clock is a smart bedside alarm clock equipped with Amazon Alexa, Sleep Coach and Daily Routine programs. An information disclosure vulnerability exists in VOBOT CLOCK versions prior to 0.99.30. The vulnerability arises because the Vobot firmware does not validate the certificate of the...
Vobot Clock root privileges hardcoded SSH credentials vulnerability
The Vobot Clock is a smart bedside alarm clock equipped with Amazon Alexa, Sleep Coach and Daily Routine programs. VOBOT CLOCK versions prior to 0.99.30 are vulnerable to a root privilege hardcoded SSH credentials vulnerability. The SSH server has hardcoded vobot user accounts and passwords with...
CVE-2018-6825
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...
Hardcoded credentials
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...
CVE-2018-6826
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP respon...
Design/Logic Flaw
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP respon...
CVE-2018-6827
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded...
CVE-2018-6826
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP respon...
CVE-2018-6827
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded...
CVE-2018-6825
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...
Hardcoded credentials
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded...
CVE-2018-6825
CVE-2018-6825: Affected product is VOBOT CLOCK devices running versions prior to 0.99.30. The vulnerability arises from an SSH server that ships with a hardcoded root-level vobot user account/password, enabling full root access. This enables remote compromise with no user interaction. According ...
CVE-2018-6825
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...
CVE-2018-6826
VULNERABILITY: VOBOT CLOCK devices before version 0.99.30 are affected by a remote code execution issue. The root cause is use of plaintext HTTP to download a breakout program, enabling a man-in-the-middle to observe a local user launching the Breakout Easter Egg feature and then send a crafted H...
CVE-2018-6827
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded...
CVE-2018-6826
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP respon...
CVE-2018-6827
CVE-2018-6827 affects VOBOT CLOCK devices prior to 0.99.30, where the product fails to verify X.509 certificates from SSL servers. This vulnerability enables man-in-the-middle attacks to spoof servers and disclose sensitive data, with potential remote code execution via a crafted certificate, as ...