CVE-2018-17176
CVE-2018-17176 affects Neato Botvac Connected 2.2.0. The issue enables replay of an authenticated session: manual control mode requires authentication, but the authentication credentials (transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces and timestamps ...