CVE-2018-17176 Information

Description

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication but once recorded the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces and timestamps are not checked at all.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5