Yarbo Robots Hardcoded Credentials Vulnerability
Vulnerability
Yarbo robot firmware version 2.3.9 ships with hardcoded administrative credentials that grant access to the device's management interfaces. The credentials are identical on every device running this firmware and cannot be changed or removed by the owner, so anyone who learns them can use them against any affected robot.
Impact
Exploiting this vulnerability gives an attacker root-privileged SSH access to the robot's management interface. Because the credentials cannot be rotated, the access is persistent; it can be used to manipulate the robot's operation or to extract sensitive data such as the owner's Wi-Fi credentials. According to the researcher's findings, the same access can also be leveraged to reach live camera feeds from the robot.
Reproduction
The robot's firmware embeds an FRP (fast reverse proxy) client with a fixed configuration. On boot it opens an outbound NAT traversal tunnel to a public FRP server, which then forwards connections to the robot's local SSH port; because the tunnel is initiated from inside the owner's network, no inbound firewall rule is needed for it to work. Anyone who knows a robot's serial number can locate that robot's tunnel on the public server and authenticate as root with the embedded password. Once logged in, the same FRP client can be used to forward ports on the robot's internal camera network to the attacker's machine, exposing live video streams from the robot's cameras.
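A firmware auditor would want to confirm exactly which local services such an embedded FRP client exposes. The following is an added example, not code from Yarbo or from the researcher's report: it parses a constructed `frpc.ini` (the classic frp client format, with `[common]` holding the server connection and every other section describing one forwarded proxy) and reports any section that forwards a sensitive local port, plus any static `token` in `[common]`. The server address, section names, ports and token are assumptions chosen for the example.

```python
"""Audit an frp client (frpc) configuration for tunnels that expose local
services. Added example; the file below is constructed, not Yarbo's real
frpc.ini, and the section names and ports are assumptions."""
import configparser

# Constructed sample in the classic frpc.ini format: [common] holds the
# server connection, every other section is one forwarded "proxy".
SAMPLE_FRPC_INI = """\
[common]
server_addr = frp.example.invalid
server_port = 7000
token = hardcoded-shared-secret

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

[camera]
type = tcp
local_ip = 192.168.50.2
local_port = 554
remote_port = 6001

[metrics]
type = tcp
local_ip = 127.0.0.1
local_port = 9100
remote_port = 6002
"""

# Local ports whose exposure through a reverse tunnel is worth flagging.
SENSITIVE_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 554: "rtsp"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_frpc_config(text):
    """Return a list of findings, each a dict with section, issue and detail."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    findings = []
    server = "?"

    if cp.has_section("common"):
        common = cp["common"]
        server = f"{common.get('server_addr', '?')}:{common.get('server_port', '?')}"
        if common.get("token"):
            # A fixed token in the firmware image means every device shares
            # the credential used to register with the public FRP server.
            findings.append({"section": "common", "issue": "hardcoded_token",
                             "detail": f"static token for server {server}"})

    for name in cp.sections():
        if name == "common":
            continue
        proxy = cp[name]
        local_ip = proxy.get("local_ip", "127.0.0.1")
        local_port = proxy.getint("local_port", fallback=None)
        remote_port = proxy.get("remote_port", "?")
        if local_port not in SENSITIVE_PORTS:
            continue  # e.g. a metrics port; not interesting here
        # A non-loopback local_ip means the tunnel reaches past the robot
        # itself into another host on its internal network (the cameras).
        target = "this device" if local_ip in LOOPBACK else f"internal host {local_ip}"
        service = SENSITIVE_PORTS[local_port]
        findings.append({
            "section": name,
            "issue": f"exposes_{service}",
            "detail": f"{service} on {target} (port {local_port}) "
                      f"reachable via {server} remote_port {remote_port}",
        })
    return findings


if __name__ == "__main__":
    for f in audit_frpc_config(SAMPLE_FRPC_INI):
        print(f"[{f['section']}] {f['issue']}: {f['detail']}")
```

Run against a config extracted from a firmware image, the three findings the sample produces (a shared server token, SSH exposed from the device itself, and RTSP exposed from a host on the internal camera network) are the ones that correspond to the access path described above.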
Remediation
Yarbo needs to remove the hardcoded credentials and replace them with unique, per-device credentials that owners can manage and rotate. Until a fixed firmware is available, owners can place the robot on a segmented network and monitor for unauthorized SSH access attempts. Note that segmentation alone does not close the tunnel, because the robot itself opens the outbound connection to the FRP server; blocking that outbound connection does close it, at the cost of whatever remote functionality depends on the tunnel.
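Monitoring for unauthorized access, as suggested above, comes down to watching the robot's SSH authentication log. The following is an added example, not code from Yarbo or from the researcher's report: it runs simple detection logic over a few constructed OpenSSH auth-log lines and flags root password logins, with an extra reason attached when the session arrives from the loopback interface. The loopback heuristic assumes the FRP client forwards to sshd on 127.0.0.1, so tunnelled sessions appear to originate locally rather than from a LAN address; the hostnames, addresses and timestamps are invented for the example.

```python
"""Flag SSH logins on a device that should never see root password
authentication. Added example; the log lines are constructed, not taken
from a Yarbo robot, and the loopback heuristic assumes the FRP client
forwards to sshd on 127.0.0.1 so tunnelled sessions appear to come from
the loopback address."""
import re

# Constructed sshd auth-log lines in the standard OpenSSH format.
SAMPLE_AUTH_LOG = """\
Jun 10 08:01:12 robot sshd[1021]: Accepted password for root from 127.0.0.1 port 51834 ssh2
Jun 10 08:01:40 robot sshd[1035]: Accepted publickey for maint from 192.168.1.20 port 40212 ssh2
Jun 10 08:02:05 robot sshd[1042]: Failed password for root from 127.0.0.1 port 51890 ssh2
Jun 10 08:03:00 robot sshd[1050]: Accepted password for root from 192.168.1.30 port 40500 ssh2
Jun 10 08:03:30 robot sshd[1051]: Connection closed by 192.168.1.30 port 40500
"""

# Matches both successful and failed authentication events.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)
LOOPBACK = frozenset({"127.0.0.1", "::1"})


def classify_ssh_logins(log_text):
    """Return alerts for root password logins and for sessions arriving
    over the loopback interface (the reverse-tunnel pattern)."""
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not an authentication event (e.g. "Connection closed")
        ev = m.groupdict()
        reasons = []
        if ev["user"] == "root" and ev["method"] == "password":
            reasons.append("root password authentication")
        if ev["ip"] in LOOPBACK:
            reasons.append("source is loopback: likely tunnelled via frpc")
        if not reasons:
            continue  # e.g. a key-based login from the LAN by a known account
        alerts.append({
            "timestamp": line[:15],  # syslog-style "Mon DD HH:MM:SS" prefix
            # A failed attempt still signals someone probing the tunnel.
            "severity": "high" if ev["result"] == "Accepted" else "medium",
            "user": ev["user"],
            "source": f"{ev['ip']}:{ev['port']}",
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for a in classify_ssh_logins(SAMPLE_AUTH_LOG):
        print(f"{a['timestamp']} {a['severity'].upper()} {a['user']}@{a['source']}: "
              + "; ".join(a["reasons"]))
```

On a robot that never legitimately accepts root password logins, any "high" alert is an incident; the loopback reason is the detail that distinguishes an attacker coming in through the public FRP server from someone on the local network.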
