CVE-2018-17178

Published: 18/09/2018 Updated: 17/06/2021
CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 258
Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists on Neato Botvac Connected 2.2.0 devices: they execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands such as forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the WebSocket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted but (except for eco-on and eco-off) have no effect, since without active driving a driving direction does not change anything.

Affected Products

neatorobotics botvac_d3_connected_firmware 2.2.0
neatorobotics botvac_d4_connected_firmware 2.2.0
neatorobotics botvac_d5_connected_firmware 2.2.0
neatorobotics botvac_d6_connected_firmware 2.2.0
neatorobotics botvac_d7_connected_firmware 2.2.0