A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
                
References
| Link | Resource |
|---|---|
| https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners | Exploit, Third Party Advisory |
History
No history.
Information
Published : 2018-09-18 18:29
Updated : 2024-11-21 03:54
NVD link : CVE-2018-17176
Mitre link : CVE-2018-17176
CVE.ORG link : CVE-2018-17176
Products Affected
neatorobotics
- botvac_d7_connected_firmware
- botvac_d4_connected_firmware
- botvac_d6_connected
- botvac_d4_connected
- botvac_d6_connected_firmware
- botvac_d7_connected
CWE
CWE-294: Authentication Bypass by Capture-replay
