ID

VAR-201809-0313


CVE

CVE-2018-17176


TITLE

Authentication vulnerabilities in Neato Botvac Connected devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-011487

DESCRIPTION

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

Trust: 1.71

sources: NVD: CVE-2018-17176 // JVNDB: JVNDB-2018-011487 // VULHUB: VHN-127609

AFFECTED PRODUCTS

vendor: neatorobotics, model: botvac d4 connected, scope: eq, version: 2.2.0

Trust: 1.6

vendor: neatorobotics, model: botvac d7 connected, scope: eq, version: 2.2.0

Trust: 1.6

vendor: neatorobotics, model: botvac d6 connected, scope: eq, version: 2.2.0

Trust: 1.6

vendor: neato robotics, model: botvac d4 connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d6 connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d7 connected, scope: eq, version: 2.2.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-011487 // CNNVD: CNNVD-201809-807 // NVD: CVE-2018-17176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17176
value: HIGH

Trust: 1.0

NVD: CVE-2018-17176
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-807
value: HIGH

Trust: 0.6

VULHUB: VHN-127609
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-17176
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127609
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17176
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-127609 // JVNDB: JVNDB-2018-011487 // CNNVD: CNNVD-201809-807 // NVD: CVE-2018-17176

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-127609 // JVNDB: JVNDB-2018-011487 // NVD: CVE-2018-17176

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-807

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201809-807

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011487

PATCH

title: Top Page, url: https://www.neatorobotics.com/jp/ja/

Trust: 0.8

sources: JVNDB: JVNDB-2018-011487

EXTERNAL IDS

db: NVD, id: CVE-2018-17176

Trust: 2.5

db: JVNDB, id: JVNDB-2018-011487

Trust: 0.8

db: CNNVD, id: CNNVD-201809-807

Trust: 0.7

db: VULHUB, id: VHN-127609

Trust: 0.1

sources: VULHUB: VHN-127609 // JVNDB: JVNDB-2018-011487 // CNNVD: CNNVD-201809-807 // NVD: CVE-2018-17176

REFERENCES

url:https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners

Trust: 2.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17176

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17176

Trust: 0.8

sources: VULHUB: VHN-127609 // JVNDB: JVNDB-2018-011487 // CNNVD: CNNVD-201809-807 // NVD: CVE-2018-17176

SOURCES

db: VULHUB, id: VHN-127609
db: JVNDB, id: JVNDB-2018-011487
db: CNNVD, id: CNNVD-201809-807
db: NVD, id: CVE-2018-17176

LAST UPDATE DATE

2024-11-23T22:17:19.202000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-127609, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-011487, date: 2019-01-15T00:00:00
db: CNNVD, id: CNNVD-201809-807, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2018-17176, date: 2024-11-21T03:54:01.160

SOURCES RELEASE DATE

db: VULHUB, id: VHN-127609, date: 2018-09-18T00:00:00
db: JVNDB, id: JVNDB-2018-011487, date: 2019-01-15T00:00:00
db: CNNVD, id: CNNVD-201809-807, date: 2018-09-19T00:00:00
db: NVD, id: CVE-2018-17176, date: 2018-09-18T18:29:08.897