CVE-2018-19441
- EPSS 0.11%
- Published 27.01.2020 19:15:10
- Last modified 21.11.2024 03:57:55
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an at...
- EPSS 18.24%
- Published 25.04.2019 17:29:00
- Last modified 21.11.2024 03:57:55
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_seri...
CVE-2018-20785
- EPSS 0.08%
- Published 23.02.2019 14:29:00
- Last modified 21.11.2024 04:02:10
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB ...
CVE-2018-18638
- EPSS 5.09%
- Published 24.10.2018 22:29:02
- Last modified 21.11.2024 03:56:16
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.