CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11132

Malware in sbrugna...

4.7CVSS5AI score0.00112EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-8952

Malware in sbrugna...

5.3CVSS5.6AI score0.00096EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-10354

Malware in sbrugna...

9.3CVSS8.2AI score0.04843EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-8951

Malware in sbrugna...

2.4CVSS4.3AI score0.00019EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-8950

Malware in sbrugna...

7.5CVSS7.6AI score0.00314EPSS

RedhatCVE•added 2025/05/22 12:47 p.m.•8 views

CVE-2018-17178

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands sent to /bin/webserver on port 8081 if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though th...

5.3CVSS7.5AI score0.00096EPSS

RedhatCVE•added 2025/05/22 6:39 a.m.•8 views

CVE-2018-17176

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication always transmitted in cleartext can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all...

7.5CVSS7.1AI score0.00314EPSS

RedhatCVE•added 2025/05/22 6:24 a.m.•6 views

CVE-2018-17177

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs event logs and core dumps to a USB stick. These logs are RC4-encrypted with a 9-character password of ^JEd4W!I that is obfuscated by hiding ...

2.4CVSS7.1AI score0.00019EPSS

OSV•added 2020/01/27 7:15 p.m.•1 views

CVE-2018-19441

4.7CVSS5.8AI score

NVD•added 2020/01/27 7:15 p.m.•8 views

CVE-2018-19441

4.7CVSS4.7AI score0.00112EPSS

Prion•added 2020/01/27 7:15 p.m.•9 views

Authentication flaw

1.9CVSS4.8AI score0.00112EPSS

Exploits0References2Affected Software1

CVE•added 2020/01/27 6:33 p.m.•46 views

CVE-2018-19441

The CVE-2018-19441 issue affects Neato Botvac Connected 2.2.0. The GenerateRobotPassword function in the NeatoCrypto library uses insufficiently random numbers for robot secret_key values used in local and cloud authentication/authorization. Entropy depends solely on the robot’s serial number (pr...

4.7CVSS4.7AI score0.00112EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/01/27 6:33 p.m.•11 views

CVE-2018-19441

4.7AI score0.00112EPSS

OSV•added 2019/04/25 5:29 p.m.•1 views

CVE-2018-19442

A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/robotserial/messages Neato cloud URI on the...

9.8CVSS6AI score

CVE•added 2019/04/25 4:59 p.m.•39 views

CVE-2018-19442

The CVE-2018-19442 entry affects Neato Botvac Connected 2.2.0, specifically the /bin/astro binary. A buffer overflow in Network::AuthenticationClient::VerifySignature can be triggered by a crafted POST to vendors/neato/robots/[robot_serial]/messages on nucleo.neatocloud.com (port 4443), allowing ...

10CVSS9.5AI score0.18243EPSS

Exploits1References2Affected Software1

Cvelist•added 2019/04/25 4:59 p.m.•13 views

CVE-2018-19442

9.6AI score0.18243EPSS

OSV•added 2019/02/23 2:29 p.m.•3 views

CVE-2018-20785

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...

7.4CVSS5.9AI score0.00077EPSS