CVE-2018-18638
Neato Botvac Connected 2.2.0 is affected by a command-injection in the setup API. The vulnerability allows remote attackers to inject shell metacharacters in the ntp field of a JSON payload sent to /robot/initialize, enabling arbitrary command execution. Root cause: unsafely handled ntp field in ...