CVE-2023-3104

Published: Nov 22, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.

Affected (1)

Products: Unitree: A1 Firmware

Unitree

1 product

A1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree A1 Firmware	All versions

Running on/with	Platform Versions
Unitree A1	Version 1.16

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1

Source: cve-coordination@incibe.es

Vendor Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.