MiR Robot and Fleet Open Redirect Vulnerability
Vulnerability
An open redirect vulnerability has been identified in the web server component of MiR Robot and MiR Fleet software, affecting versions prior to 3.7.0. A remote attacker can redirect users to arbitrary external websites by supplying a crafted value in a redirect parameter. Because the server does not validate this user-controlled input, an attacker can build a URL that points at the legitimate MiR host but, once followed, lands the user on an attacker-controlled site, which facilitates phishing and social engineering.
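The two sides of the issue, as an added illustration that is not code from the advisory or from MiR: a lure URL built on the trusted host, a redirect handler that returns the parameter verbatim (the vulnerable pattern), and a hardened handler that only accepts same-origin relative paths. The parameter name `next`, the hostname `mir-fleet.local` and the sample URLs are assumptions for the example; the advisory names neither the parameter nor the host.

```python
from urllib.parse import urlencode, urljoin, urlparse

# Assumed hostname for the example; the advisory does not name the real one.
TRUSTED_HOST = "mir-fleet.local"


def build_lure_url(base: str, target: str) -> str:
    """How an attacker would craft a link: the visible origin is the trusted
    host, the attacker-controlled destination is hidden in the query string.
    The parameter name 'next' is an assumption for this example."""
    return f"{base}?{urlencode({'next': target})}"


def unsafe_redirect_target(next_param: str) -> str:
    """Vulnerable pattern: the Location value is whatever the client sent."""
    return next_param


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Hardened pattern: accept only a relative path on the trusted origin;
    anything else falls back to the default landing page."""
    if not next_param:
        return default
    # Reject protocol-relative (//evil), backslash variants that browsers
    # normalise to //, and CR/LF/NUL that could split the response header.
    if next_param.startswith(("//", "/\\", "\\")):
        return default
    if any(c in next_param for c in "\r\n\x00"):
        return default
    parsed = urlparse(next_param)
    # Any scheme (https:, javascript:, ...) or authority means an absolute
    # target, which is exactly what an open redirect must not honour.
    if parsed.scheme or parsed.netloc:
        return default
    if not next_param.startswith("/"):
        return default
    # Resolve against the trusted origin and confirm the host did not change.
    resolved = urlparse(urljoin(f"https://{TRUSTED_HOST}/", next_param))
    if resolved.netloc != TRUSTED_HOST:
        return default
    return resolved.path + (f"?{resolved.query}" if resolved.query else "")


if __name__ == "__main__":
    lure = build_lure_url(f"https://{TRUSTED_HOST}/login",
                          "https://evil.example/login")
    print("lure URL:      ", lure)
    print("unsafe target: ", unsafe_redirect_target("https://evil.example/login"))
    print("safe target:   ", safe_redirect_target("https://evil.example/login"))
    print("safe in-app:   ", safe_redirect_target("/dashboard?view=missions"))
```

The hardened function deliberately refuses absolute URLs even when they name the trusted host; if a deployment must allow those, compare the parsed hostname against an explicit allow-list rather than against a substring, since `mir-fleet.local.evil.example` would pass a naive `startswith` check.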
Impact
Successful exploitation lets an attacker distribute links that appear to point at the trusted MiR Robot or MiR Fleet web interface but deliver the user to an attacker-controlled site. This is primarily useful for phishing and social engineering, for example by presenting a counterfeit login page after the redirect.
Remediation
Users are advised to upgrade to MiR Robot or MiR Fleet version 3.7.0 or newer. If an immediate upgrade is not possible, operate the MiR system in a segmented and secured network with strict firewall rules so that the web interface is not reachable from untrusted networks, and secure user accounts on the MiR system as outlined in the MiR Cybersecurity Guide.
