Skip to content

Commit 51056fa

Browse files
todbtodb
authored
Fix CVSS score, ninja style
1 parent 3fed125 commit 51056fa

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

content/cves/CVE-2025-35027.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ Any questions about this disclosure should be directed to cve@takeonme.org.
1313
The [GCVE](https://gcve.eu/about/) identifier for this issue is <span style="white-space: nowrap;">[GCVE-1337-2025-00000000000000000000000000000000000000000000000001011011111110011111111110000000000000000000000000000000000000000000000000000000010]</span>
1414
# Executive Summary
1515

16-
By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the `wpa_supplicant_restart.sh` shell script. This is an instance of [CWE-78], "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')," and an estimate of the CVSS vectors is [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), which scores as an **7.8**. The relevant [SSVC] vectors for this vulnerability are *Exploitation: PoC* and *Technical Impact: Total*.
16+
By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the `wpa_supplicant_restart.sh` shell script. This is an instance of [CWE-78], "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')," and an estimate of the CVSS vectors is [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), which scores as an **7.3**. The relevant [SSVC] vectors for this vulnerability are *Exploitation: PoC* and *Technical Impact: Total*.
1717
# Technical Details
1818

1919
Affected robots expose, intentionally, a WiFi configuration interface over Bluetooth Low Energy (BLE), available for any authenticated user to configure. The values for the chosen SSID and the password for the on-board WiFi are ultimately passed to the restart script, in the form of:

0 commit comments

Comments
 (0)