PT-2020-12019 · MiR · MiR1000 +4

Alias Robotics +1

Published: 2020-06-24 · Updated: 2021-09-14 · CVE-2020-10270

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

MiR100 (affected versions not specified)
MiR200 (affected versions not specified)
MiR250 (affected versions not specified)
MiR500 (affected versions not specified)
MiR1000 (affected versions not specified)

Description

The issue allows access to the Control Dashboard on a hardcoded IP address through both the wired and wireless interfaces within the MiR fleet. The default credentials for the wireless interface are well known and widely circulated, and they also appear in past User Guides and manuals distributed by the vendor. This flaw lets an attacker remotely take control of the robot through the default user interfaces created by MiR, so the attack requires only entry-level skill. More elaborate attacks can be mounted by bypassing authentication and sending network requests directly.

Recommendations

For MiR100, consider disabling the default user interfaces until a fix is available. For MiR200, restrict access to the Control Dashboard on the hardcoded IP address to minimize the risk of exploitation. For MiR250, MiR500, and MiR1000, if the flaw applies, avoid using the default credentials and consider implementing custom authentication mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2020-10270

Affected Products

MiR100
MiR1000
MiR200
MiR250
MiR500