A replay issue exists on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
neatorobotics botvac d4 connected firmware 2.2.0 |
||
neatorobotics botvac d6 connected firmware 2.2.0 |
||
neatorobotics botvac d7 connected firmware 2.2.0 |