Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Neatorobotics Subscribe
Filtered by product Botvac Connected Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19441 1 Neatorobotics 2 Botvac Connected, Botvac Connected Firmware 2020-02-05 1.9 LOW 4.7 MEDIUM
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot.
CVE-2018-19442 1 Neatorobotics 2 Botvac Connected, Botvac Connected Firmware 2020-01-22 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443).
CVE-2018-18638 1 Neatorobotics 2 Botvac Connected, Botvac Connected Firmware 2019-10-02 9.3 HIGH 8.1 HIGH
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
CVE-2018-20785 1 Neatorobotics 14 Botvac Connected, Botvac Connected Firmware, Botvac D3 Connected and 11 more 2019-10-02 4.4 MEDIUM 7.4 HIGH
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials.