Authentication flaw

2018-09-1818:29:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

CPENameOperatorVersion
botvac_d4_connected_firmwareeq2.2.0
botvac_d6_connected_firmwareeq2.2.0
botvac_d7_connected_firmwareeq2.2.0

Name	Operator	Version
botvac_d4_connected_firmware	eq	2.2.0
botvac_d6_connected_firmware	eq	2.2.0
botvac_d7_connected_firmware	eq	2.2.0

References

media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners