RSS   Vulnerabilities for 'Botvac d4 connected firmware'   RSS

2018-09-18
 
CVE-2018-17178

CWE-noinfo
 

 
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.

 
 
CVE-2018-17177

CWE-326
 

 
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.

 

 >>> Vendor: Neato 6 Products
Botvac 85 firmware
Botvac d3 connected firmware
Botvac d4 connected firmware
Botvac d5 connected firmware
Botvac d6 connected firmware
Botvac d7 connected firmware


Copyright 2024, cxsecurity.com

 

Back to Top