Information disclosure in VGo Celia - CVE-2018-8858
Published: October 19, 2018
Vulnerability identifier: #VU15425
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-8858
CWE-ID: CWE-522
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Vecna Technologies
Affected software:
VGo Celia
VGo Celia
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficiently protected credentials. An adjacent attacker can recover WiFi passwords that the robot uses to connect to an organization's internal network or the XMPP credentials that the robot owner uses to connect to the device from remote locations.
The weakness exists due to insufficiently protected credentials. An adjacent attacker can recover WiFi passwords that the robot uses to connect to an organization's internal network or the XMPP credentials that the robot owner uses to connect to the device from remote locations.
How to mitigate CVE-2018-8858
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.