Vulnerabilities > Ufactory

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-15	CVE-2020-10286	Improper Privilege Management vulnerability in Ufactory products the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation. low complexity ufactory CWE-269	8.8
2020-07-15	CVE-2020-10285	Insufficient Entropy vulnerability in Ufactory Xarm 5 Lite Firmware 1.5.0 The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. network low complexity ufactory CWE-331 critical	9.8
2020-07-15	CVE-2020-10284	Unspecified vulnerability in Ufactory Xarm Studio 1.3.0 No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. network low complexity ufactory critical	9.1

Vulnerabilities > Ufactory {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ufactory"}]}