CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

Software

Searching vulnerabilities affecting “ufactory”

4 vulnerabilities found for “ufactory”

CVE-2025-58944

HIGH8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue affects Manufactory: from n/a through <= 1.4.

axiomthemes / manufactory

Network

Published Dec 18, 2025

CVE-2020-10285

CRITICAL9.8

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.

ufactory / xarm_5_lite_firmware

Network

Published Jul 15, 2020

CVE-2020-10284

CRITICAL9.1

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.

ufactory / xarm_studio

Network

Published Jul 15, 2020

CVE-2020-10286

HIGH8.8

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.

ufactory / xarm_5_lite_firmware+2

Adjacent

Published Jul 15, 2020