CVE-2020-10285
15.07.2020, 21:15
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lock out automated attempts to gain access.
Vendor | Product | Version |
---|---|---|
ufactory | xarm_5_lite_firmware | 𝑥 ≤ 1.5.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-307 - Improper Restriction of Excessive Authentication Attempts: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
- CWE-331 - Insufficient Entropy: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.