A vulnerability was found in Neato Botvac Connected 2.2.0. It has been classified as critical. Affected is some unknown functionality of the file /bin/webserver of the component Manual Control Mode. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

The bug was discovered 09/07/2018. The weakness was shared 09/18/2018 (Website). The advisory is shared for download at media.ccc.de. This vulnerability is traded as CVE-2018-17176 since 09/18/2018. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.

The vulnerability was handled as a non-public zero-day exploit for at least 11 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 124226 and 124225 are related to this item.

Productinfo

Vendor

• Neato

Name

• Botvac Connected

Version

• 2.2.0

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion