ICSA-18-114-01
Published 2018-10-30
Vecna VGo Robot (Update A)
CVSS 8.8 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to capture firmware updates through network traffic, extract credentials from the firmware, record video conversations, and may allow remote code execution with root privileges.
Remediations
- By default, VGo has automatic updates enabled so all updates are performed automatically when Internet access is available. If the VGo is powered off or in use, a message will appear on the screen asking if it can be updated when the VGo is next used.
- If a VGo unit has automatic updates turned off, the update will not be downloaded; however, a notice about the update will be displayed on the VGo's screen. Vecna recommends that automatic updates be turned on: select “settings” from the main menu, then “advanced settings,” then “automatic updates.”
- Vecna has not addressed CVE-2018-17931 and CVE-2018-17933.
- Vecna may have released an update for CVE-2018-8858.
Affected Vendors
Vecna Technologies Inc
Affected Products (1)
Vecna Technologies Inc · Go Robot · 3.0.352164 | 3.0.353662
Affected Sectors
Communications