ID

VAR-201902-0761


CVE

CVE-2018-20785


TITLE

Vulnerabilities related to authorization, authority, and access control in Neato Botvac Connected devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014651

DESCRIPTION

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials. Neato Botvac Connected devices contain vulnerabilities related to authorization, authority, and access control. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Neato Robotics Neato Botvac Connected is a cleaning robot from Neato Robotics in the United States. A security vulnerability exists in version 2.2.0 of Neato Robotics Neato Botvac Connected.

Trust: 1.71

sources: NVD: CVE-2018-20785 // JVNDB: JVNDB-2018-014651 // VULHUB: VHN-131626

AFFECTED PRODUCTS

vendor: neatorobotics, model: botvac d3 connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neatorobotics, model: botvac d6 connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neatorobotics, model: botvac d3 pro connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neatorobotics, model: botvac d7 connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neatorobotics, model: botvac d4 connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neatorobotics, model: botvac d5 connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neatorobotics, model: botvac connected, scope: eq, version: 2.2.0

Trust: 1.0

vendor: neato robotics, model: botvac connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d3 connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d3 pro connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d4 connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d5 connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d6 connected, scope: eq, version: 2.2.0

Trust: 0.8

vendor: neato robotics, model: botvac d7 connected, scope: eq, version: 2.2.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-014651 // NVD: CVE-2018-20785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20785
value: HIGH

Trust: 1.0

NVD: CVE-2018-20785
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-865
value: HIGH

Trust: 0.6

VULHUB: VHN-131626
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20785
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131626
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20785
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.4
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131626 // JVNDB: JVNDB-2018-014651 // CNNVD: CNNVD-201902-865 // NVD: CVE-2018-20785

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-014651 // NVD: CVE-2018-20785

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-865

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201902-865

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014651

PATCH

title: Top page, url: https://www.neatorobotics.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014651

EXTERNAL IDS

db: NVD, id: CVE-2018-20785

Trust: 2.5

db: JVNDB, id: JVNDB-2018-014651

Trust: 0.8

db: CNNVD, id: CNNVD-201902-865

Trust: 0.7

db: VULHUB, id: VHN-131626

Trust: 0.1

sources: VULHUB: VHN-131626 // JVNDB: JVNDB-2018-014651 // CNNVD: CNNVD-201902-865 // NVD: CVE-2018-20785

REFERENCES

url:https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners#t=745

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-20785

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20785

Trust: 0.8

sources: VULHUB: VHN-131626 // JVNDB: JVNDB-2018-014651 // CNNVD: CNNVD-201902-865 // NVD: CVE-2018-20785

SOURCES

db: VULHUB, id: VHN-131626
db: JVNDB, id: JVNDB-2018-014651
db: CNNVD, id: CNNVD-201902-865
db: NVD, id: CVE-2018-20785

LAST UPDATE DATE

2024-11-23T22:48:29.503000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-131626, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-014651, date: 2019-04-02T00:00:00
db: CNNVD, id: CNNVD-201902-865, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-20785, date: 2024-11-21T04:02:10.270

SOURCES RELEASE DATE

db: VULHUB, id: VHN-131626, date: 2019-02-23T00:00:00
db: JVNDB, id: JVNDB-2018-014651, date: 2019-04-02T00:00:00
db: CNNVD, id: CNNVD-201902-865, date: 2019-02-23T00:00:00
db: NVD, id: CVE-2018-20785, date: 2019-02-23T14:29:00.427