CVE-2020-16167
CRITICALRobotemi Launcher OS < 13146 - Missing Authentication
Title source: ruleDescription
Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.robotemi.com/software-updates/
Exploit, Third Party Advisory x_refsource_misc
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/call-an-exorcist-my-robots-possessed/
Scores
CVSS v3
9.1
EPSS
0.0215
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-306
Status
published
Products (1)
robotemi/launcher_os
11969 - 13146
Published
Aug 07, 2020
Tracked Since
Feb 18, 2026