{"api_version":"1","generated_at":"2026-06-30T04:09:19+00:00","cve":"CVE-2018-17931","urls":{"html":"https://cve.report/CVE-2018-17931","api":"https://cve.report/api/cve/CVE-2018-17931.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-17931","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-17931"},"summary":{"title":"CVE-2018-17931","description":"If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-10-30 21:29:00","updated_at":"2019-10-09 23:37:00"},"problem_types":["CWE-284"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Vecna VGo Robot (Update A) | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-17931","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17931","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"17931","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"vecna","cpe5":"vgo","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"17931","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"vecna","cpe5":"vgo","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"17931","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"vecna","cpe5":"vgo_firmware","cpe6":"3.0.3.53662","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"17931","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"vecna","cpe5":"vgo_firmware","cpe6":"3.0.3.53662","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"17931","vulnerable":"1","versionEndIncluding":"3.0.3.52164","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"vecna","cpe5":"vgo_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2018-17931","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"VGo Robot","version":{"version_data":[{"version_value":"Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMPROPER ACCESS CONTROL CWE-284"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"}]}},"nvd":{"publishedDate":"2018-10-30 21:29:00","lastModifiedDate":"2019-10-09 23:37:00","problem_types":["CWE-284"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:vecna:vgo_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.3.52164","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:vecna:vgo_firmware:3.0.3.53662:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:vecna:vgo:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"17931","Ordinal":"134748","Title":"CVE-2018-17931","CVE":"CVE-2018-17931","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"17931","Ordinal":"1","NoteData":"If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"17931","Ordinal":"2","NoteData":"2018-10-30","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"17931","Ordinal":"3","NoteData":"2018-10-30","Type":"Other","Title":"Modified"}]}}}