2.4
CVE-2018-17177
- EPSS 0.17%
- Published 18.09.2018 18:29:09
- Last modified 21.11.2024 03:54:01
- Source cve@mitre.org
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.
Data is provided by the National Vulnerability Database (NVD)
Neatorobotics ≫ Botvac D4 Connected Firmware Version 2.2.0
Neatorobotics ≫ Botvac D6 Connected Firmware Version 2.2.0
Neatorobotics ≫ Botvac D5 Connected Firmware Version 2.2.0
Neatorobotics ≫ Botvac D7 Connected Firmware Version 2.2.0
Neatorobotics ≫ Botvac D3 Connected Firmware Version 2.2.0
Neatorobotics ≫ Botvac 85 Firmware Version 1.2.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.067 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.4 | 0.9 | 1.4 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners