← Back

CVE-2018-17176

nvd nist
Published: Sep 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

Affected (3)

Neatorobotics
3 products
Botvac D4 Connected Firmware
Botvac D6 Connected Firmware
Botvac D7 Connected Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Botvac D4 Connected Firmware
Version 2.2.0
Running on/withPlatform Versions
Neatorobotics
Botvac D4 Connected
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Botvac D6 Connected Firmware
Version 2.2.0
Running on/withPlatform Versions
Neatorobotics
Botvac D6 Connected
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Botvac D7 Connected Firmware
Version 2.2.0
Running on/withPlatform Versions
Neatorobotics
Botvac D7 Connected
All versions

Related CWEs

CWE-294
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.