Man-in-the-middle attack in Vobot Clock - CVE-2018-6826
Published: February 13, 2018 / Updated: February 13, 2018
Vulnerability identifier: #VU10465
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-6826
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Vobot
Affected software:
Vobot Clock
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack on the target system.
The weakness exists because the Breakout Easter Egg feature transfers data over cleartext HTTP. A remote attacker can use man-in-the-middle techniques to execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-6826
Update to version 0.99.30 or later.