Lucene search

[email protected]NVD:CVE-2018-17176

HistorySep 18, 2018 - 6:29 p.m.

CVE-2018-17176

2018-09-1818:29:08

CWE-294

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

Affected configurations

NVD

Node

neatoroboticsbotvac_d4_connectedMatch-

AND

neatoroboticsbotvac_d4_connected_firmwareMatch2.2.0

Node

neatoroboticsbotvac_d6_connectedMatch-

AND

neatoroboticsbotvac_d6_connected_firmwareMatch2.2.0

Node

neatoroboticsbotvac_d7_connectedMatch-

AND

neatoroboticsbotvac_d7_connected_firmwareMatch2.2.0

References

media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for NVD:CVE-2018-17176

cve1 cvelist1 prion1