CVE-2018-17931

MEDIUM

VGo Robot Firmware < 3.0.3.52164 - Unauthenticated Code Execution via Script Alteration

Title source: llm
STIX 2.1

Description

If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01

Scores

CVSS v3 6.8
EPSS 0.0042
EPSS Percentile 33.4%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (2)
vecna/vgo_firmware 3.0.3.53662
vecna/vgo_firmware < 3.0.3.52164
Published Oct 30, 2018
Tracked Since Feb 18, 2026