Approved changes feed: RSS · Atom

cpe:2.3:a:ufactory:xarm5_lite,_xarm_6_and_xarm_7:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorUfactory (dd235221-d098-5015-86ab-2b31c66b64fb)
ProductXarm5 Lite, Xarm 6 And Xarm 7 (2978d8f1-4cbd-5119-9321-f0868588a537)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-10285 vulnerable 2026-06-08 05:16:35.111679 RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks
CRITICAL (9.4)
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
Published: 2020-07-15T21:00:14.468Z
Updated: 2024-09-17T02:32:51.974Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10284 vulnerable 2026-06-08 05:16:35.110230 RVD#3321: No Authentication required to exert manual control of the robot
CRITICAL (9.1)
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
Published: 2020-07-15T19:25:13.961Z
Updated: 2024-09-16T23:21:30.074Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.