#VU15425 Information disclosure in VGo Celia
Vulnerability identifier: #VU15425
Vulnerability risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-522
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
VGo Celia
Hardware solutions /
Firmware
Vendor: Vecna Technologies
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficiently protected credentials. An adjacent attacker can recover WiFi passwords that the robot uses to connect to an organization's internal network or the XMPP credentials that the robot owner uses to connect to the device from remote locations.
Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
VGo Celia: 1.4.2 - 3.0.3.52164
External links
http://go.zingbox.com/rs/562-ZPO-907/images/Zingbox%20Whitepaper%20-%20Telepresence%20Robot%20Vulnerabilities.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
