CVE-2025-41109 (CNNVD-202510-3138)
Chinese title:
Ghost Robotics Vision 60 trust management issue vulnerability
English title:
Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60
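Vulnerability description
Chinese description:
Ghost Robotics Vision 60 is a quadruped ground robot from the US company Ghost Robotics. Ghost Robotics Vision 60 v0.27.2 has a trust management issue vulnerability. The vulnerability stems from the lack of authentication mechanisms on the physical interfaces and may allow an attacker to access the robot's network by connecting a WiFi access point and to monitor all data.
English description: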
Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Ghost Robotics | Vision 60 | 0.27.2 | - | - | `cpe:2.3:a:ghost_robotics:vision_60:0.27.2:*:*:*:*:*:*:*` |
| ghostrobotics | vision_60_firmware | 0.27.2 | - | - | `cpe:2.3:o:ghostrobotics:vision_60_firmware:0.27.2:*:*:*:*:*:*:*` |
Solution
Chinese solution:
English solution:
Temporary workaround:
Reference links
cve.org
CVSS score details
4.0 (cna)
HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-41109 | 2025-11-11 15:23:21 | 2025-11-11 07:40:30 |
| NVD | nvd_CVE-2025-41109 | 2025-11-11 15:01:06 | 2025-11-11 07:48:19 |
| CNNVD | cnnvd_CNNVD-202510-3138 | 2025-11-11 15:12:59 | 2025-11-11 08:00:19 |
Version and language
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> trust management issue
- cnnvd_id: not extracted -> CNNVD-202510-3138
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']