A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network malicious users to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
neatorobotics botvac_connected_firmware 2.2.0 |