CVE-2020-16168

{"id": "CVE-2020-16168", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-08-07T13:15:10.777", "references": [{"url": "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.robotemi.com/software-updates/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors."}, {"lang": "es", "value": "El error de validaci\u00f3n de origen en temi Robox OS antes de 120, temi aplicaci\u00f3n Android hasta la versi\u00f3n 1.3.7931 permite a los atacantes remotos acceder a la API REST y al broker MQTT utilizado por los temi y enviarle datos/solicitudes personalizados a trav\u00e9s de vectores no especificados"}], "lastModified": "2023-05-16T22:42:15.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:robotemi:temi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3C8C0D-7B39-48C1-BECE-70F96BD9FCF9", "versionEndExcluding": "1.3.7931"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:robotemi:temi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C790D64-7B4C-4575-BA62-887E5190345E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}