CVE-2020-16167

9.1 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to intercept and answer video calls intended for other temi robot users, granting them unauthorized motor control and audio/video access. It affects temi Robox OS versions before 120 and temi Android app versions up to 1.3.7931. Attackers can exploit this without authentication to take control of robots.

💻 Affected Systems

Products:
  • temi Robox OS
  • temi Android app
Versions: Robox OS prior to 120, Android app up to 1.3.7931
Operating Systems: Android, temi Robox OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the call functionality, which is a core feature of temi robots.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete remote takeover of temi robots allowing physical movement control, audio/video surveillance, and potential physical damage or privacy violations.

🟠 Likely Case: Unauthorized access to robot controls and audio/video feeds, enabling surveillance and limited physical movement.

🟢 If Mitigated: No unauthorized access possible with proper authentication controls in place.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication via the call system.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if network segmentation is weak.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves intercepting and answering calls via unspecified vectors and requires network access to the robot.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Robox OS 120 or later, Android app newer than 1.3.7931

Vendor Advisory: https://www.robotemi.com/software-updates/

Restart Required: Yes

Instructions:

1. Update temi Robox OS to version 120 or later via robot settings.
2. Update temi Android app to the latest version from the Google Play Store.
3. Restart the robot after the OS update.

🔧 Temporary Workarounds

Disable remote call functionality (applies to: all)

Temporarily disable the call feature that allows remote connections to the robot.

Network segmentation (applies to: all)

Isolate temi robots on separate network segments with strict firewall rules.

🧯 If You Can't Patch

  • Disconnect robots from internet and use only on isolated internal networks
  • Disable all remote access features including call functionality in robot settings

🔍 How to Verify

Check if Vulnerable:

Check Robox OS version on robot display (Settings > About) and Android app version in app settings.

Check Version:

On robot: Settings > About > Version. On Android: App Info > Version.

Verify Fix Applied:

Confirm Robox OS version is 120 or higher and Android app version is newer than 1.3.7931.
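The fixed-version check above is easy to get subtly wrong (Robox OS is fixed at 120 inclusive, while the Android app is affected up to and including 1.3.7931, so only a strictly newer app is safe). The following script is an added example, not vendor code from temi: it takes the version strings read from Settings > About on the robot and App Info > Version on the phone, and reports whether either component is still in the affected range. The dotted-numeric version format and the helper names are assumptions made here.

```python
import re
from typing import Dict, Tuple

# Thresholds taken from the advisory text.
ROBOX_OS_FIXED = (120,)                 # fixed in Robox OS 120 or later (inclusive)
ANDROID_APP_LAST_VULNERABLE = "1.3.7931"  # app versions up to and including this are affected


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a version string such as '120', 'v120' or '1.3.7931' into a tuple of ints.

    Assumption: versions are dotted numeric; any non-digit prefix/suffix is ignored.
    Tuple comparison then gives the expected ordering (1.3.7931 < 1.3.7932 < 1.4.0).
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def robox_os_vulnerable(os_version: str) -> bool:
    """Robox OS is affected if it is older than 120."""
    return parse_version(os_version) < ROBOX_OS_FIXED


def android_app_vulnerable(app_version: str) -> bool:
    """The Android app is affected if it is 1.3.7931 or older (note: inclusive)."""
    return parse_version(app_version) <= parse_version(ANDROID_APP_LAST_VULNERABLE)


def assess(os_version: str, app_version: str) -> Dict[str, bool]:
    """Combine both checks; a deployment is exposed if either component is affected."""
    os_vuln = robox_os_vulnerable(os_version)
    app_vuln = android_app_vulnerable(app_version)
    return {
        "robox_os_vulnerable": os_vuln,
        "android_app_vulnerable": app_vuln,
        "vulnerable": os_vuln or app_vuln,
    }


if __name__ == "__main__":
    # Constructed sample readings, not taken from a real device.
    for os_v, app_v in [("119", "1.3.7931"), ("120", "1.3.7931"), ("120", "1.3.7932")]:
        print(os_v, app_v, assess(os_v, app_v))
```

The inclusive/exclusive distinction is the part worth checking in any inventory script: an app reporting exactly 1.3.7931 is still affected, whereas a robot reporting exactly 120 is fixed.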

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized call connections
  • Multiple failed authentication attempts on call system
  • Unexpected motor control commands

Network Indicators:

  • Unusual network traffic to/from temi robots
  • Call interception patterns
  • Unauthorized remote connections

SIEM Query:

source="temi_robot" AND (event="call_intercepted" OR event="unauthorized_access")
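For environments that ship robot logs to a collector without a SIEM, the filter below is an added example (not part of the advisory or any temi tooling) that applies the same condition as the query above to key="value" log lines. The log format and field names beyond `source` and `event` are assumptions, and the sample lines are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample log lines (not real temi telemetry). Only 'source' and 'event'
# come from the SIEM query on the page; 'ts', 'robot', 'peer' and 'detail' are assumed.
SAMPLE_LOGS = [
    'ts="2024-01-01T10:00:00Z" source="temi_robot" robot="robot-a" event="call_answered" peer="owner"',
    'ts="2024-01-01T10:05:12Z" source="temi_robot" robot="robot-a" event="call_intercepted" peer="unknown"',
    'ts="2024-01-01T10:05:13Z" source="temi_robot" robot="robot-a" event="unauthorized_access" detail="motor_command"',
    'ts="2024-01-01T10:06:00Z" source="other_device" event="call_intercepted"',
    'malformed line with no fields',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')
ALERT_EVENTS = {"call_intercepted", "unauthorized_access"}


def parse_kv(line: str) -> Dict[str, str]:
    """Parse key="value" pairs; a line with no pairs yields an empty record."""
    return dict(KV_RE.findall(line))


def matches_query(record: Dict[str, str]) -> bool:
    """Equivalent of: source="temi_robot" AND (event="call_intercepted" OR event="unauthorized_access")."""
    return record.get("source") == "temi_robot" and record.get("event") in ALERT_EVENTS


def find_alerts(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records that satisfy the query, in log order."""
    alerts = []
    for line in lines:
        record = parse_kv(line)
        if matches_query(record):
            alerts.append(record)
    return alerts


def alerts_per_robot(lines: List[str]) -> Dict[str, int]:
    """Count matching events per robot so a burst on one device stands out."""
    counts: Dict[str, int] = {}
    for record in find_alerts(lines):
        robot = record.get("robot", "unknown")
        counts[robot] = counts.get(robot, 0) + 1
    return counts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOGS):
        print(alert.get("ts"), alert.get("robot"), alert.get("event"))
    print(alerts_per_robot(SAMPLE_LOGS))
```

The per-robot count is the useful aggregation here: a single intercepted call followed by an unauthorized motor command on the same device within seconds is the sequence the Log Indicators list describes.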

