Executive Summary

The vulnerability exists in the MQTT broker embedded in Yarbo firmware version 2.3.9. It is configured to allow anonymous connections without any topic-level read or write access control lists (ACLs). This means that any device on the same network can connect to the broker without authentication or authorization.

As a result, an attacker can subscribe to sensitive telemetry topics or publish control messages directly to the robot, potentially manipulating its behavior or accessing confidential data.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive telemetry data and unauthorized control over the robot. Since there is no authentication or authorization, attackers on the same network can manipulate the robot's operations, leading to potential safety risks, data breaches, or disruption of services.

The CVSS score of 9.8 indicates a critical severity with high impact on confidentiality, integrity, and availability.

Useful 0 Not Useful 0

Detection Guidance

The vulnerability involves the MQTT broker in Yarbo firmware v2.3.9 allowing anonymous connections without authentication or authorization. To detect this on your network or system, you can scan for MQTT brokers that accept anonymous connections and check if sensitive telemetry topics can be subscribed to or if control messages can be published without credentials.

Common commands to detect such a vulnerability include using MQTT client tools to connect anonymously and attempt to subscribe or publish to topics. For example, using the mosquitto_sub and mosquitto_pub commands:

• mosquitto_sub -h <broker_ip> -t '#' -v
• mosquitto_pub -h <broker_ip> -t '<control_topic>' -m 'test message'

If these commands succeed without authentication, it indicates the presence of the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, you should disable anonymous connections on the MQTT broker embedded in Yarbo firmware v2.3.9.

Additionally, implement topic-level read and write access control lists (ACLs) to restrict which clients can subscribe or publish to sensitive telemetry and control topics.

Restrict network access to the MQTT broker so that only authorized hosts can connect, ideally by using network segmentation or firewall rules.

If possible, update the firmware to a version that addresses this security issue.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows any host on the same network to connect anonymously to the MQTT broker embedded in Yarbo firmware v2.3.9 without authentication or authorization, enabling subscription to sensitive telemetry topics and publishing control messages directly to the robot.

This lack of access control and authentication can lead to unauthorized access and manipulation of sensitive data and device control, which may violate data protection and security requirements mandated by standards such as GDPR and HIPAA.

Specifically, the exposure of sensitive telemetry data without proper access restrictions could result in breaches of confidentiality and integrity, undermining compliance with regulations that require protection of personal or sensitive information.

Useful 0 Not Useful 0