CVE-2018-6826

Name of the Vulnerable Software and Affected Versions VOBOT CLOCK versions prior to 0.99.30

Description An issue allows man-in-the-middle attackers to execute arbitrary code by exploiting the use of cleartext HTTP to download a breakout program. This can be achieved by watching for a local user to launch the Breakout Easter Egg feature and then sending a crafted HTTP response.

Recommendations For versions prior to 0.99.30, update to version 0.99.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the Breakout Easter Egg feature until the update is applied.