cbcvebase.

Neatorobotics Botvac Connected Firmware vulnerabilities

4 known vulnerabilities affecting neatorobotics/botvac_connected_firmware.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2018-19442P2CRITICALCVSS 9.8v2.2.02019-04-25
CVE-2018-19442 [CRITICAL] CWE-119 CVE-2018-19442: A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Co A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443).
nvd
CVE-2018-18638P3HIGHCVSS 8.1v2.2.02018-10-24
CVE-2018-18638 [HIGH] CWE-78 CVE-2018-18638: A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows networ A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
nvd
CVE-2018-20785P3HIGHCVSS 7.4v2.2.02019-02-23
CVE-2018-20785 [HIGH] CVE-2018-20785: Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. Du Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still
nvd
CVE-2018-19441P4MEDIUMCVSS 4.7v2.2.02020-01-27
CVE-2018-19441 [MEDIUM] CWE-330 CVE-2018-19441: An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the N An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he
nvd
Neatorobotics Botvac Connected Firmware vulnerabilities | cvebase