CVE-2025-41108 (CNNVD-202510-3139)
中文标题:
Ghost Robotics Vision 60 授权问题漏洞
英文标题:
Improper Authentication vulnerability in Ghost Robotics' Vision 60
漏洞描述
中文描述:
Ghost Robotics Vision 60是美国Ghost Robotics公司的一款四足地面机器人。 Ghost Robotics Vision 60 v0.27.2版本存在授权问题漏洞,该漏洞源于通信协议缺少加密和身份验证机制,可能导致未经授权的完全控制。
英文描述:
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station (tablet) and gaining unauthorised full control of the robot. The absence of encryption and authentication mechanisms in the communication protocol allows an attacker to capture legitimate traffic between the robot and the controller, replicate it, and send any valid command to the robot from any attacking computer or device. The communication protocol used in this interface is based on MAVLink, a widely documented protocol, which increases the likelihood of attack. There are two methods for connecting to the robot remotely: Wi-Fi and 4G/LTE.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Ghost Robotics | Vision 60 | 0.27.2 | - | - |
cpe:2.3:a:ghost_robotics:vision_60:0.27.2:*:*:*:*:*:*:*
|
| ghostrobotics | vision_60_firmware | 0.27.2 | - | - |
cpe:2.3:o:ghostrobotics:vision_60_firmware:0.27.2:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
4.0 (cna)
CRITICALCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-41108 |
2025-11-11 15:23:21 | 2025-11-11 07:40:30 |
| NVD | nvd_CVE-2025-41108 |
2025-11-11 15:01:06 | 2025-11-11 07:48:19 |
| CNNVD | cnnvd_CNNVD-202510-3139 |
2025-11-11 15:12:59 | 2025-11-11 08:00:19 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202510-3139
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']