#VU87313 Insufficient verification of data authenticity in Kobra 2

Cybersecurity Help s.r.o.

Published: 2024-03-08

Vulnerability identifier: #VU87313

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: N/A

CWE-ID: CWE-345

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Kobra 2
Hardware solutions / Firmware

Vendor: Anycubic

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to missing verification of data authenticity when handling API responses from Anycubic Cloud. A remote attacker can send a specially crafted request to the MQTT server located in the cloud and compromise the affected device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Kobra 2: before 3.1.0

External links
https://store.anycubic.com/blogs/news/security-issue-of-anycubic-cloud

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Remote code execution in Anycubic Kobra 2 3D printers