CVE-2018-17178

low-risk
Published 2018-09-18

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session the commands are still interpreted but, except for eco-on and eco-off, have no effect: a driving direction changes nothing unless the robot is already driving. The security-relevant point is that the authorization failure is reported in the reply but not enforced before the command is dispatched, so a test that only inspects the response will wrongly conclude the command was rejected; confirm by observing the device's behaviour instead.
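The bug class worth recognising here is an authorization check whose failure is reported to the client but does not stop the command from being executed. The Python model below is an added example, not Neato firmware code and not the real /bin/webserver protocol: the handler functions, the session/eco state model, the placeholder valid_auth() check and the unauthenticated_has_effect() probe are assumptions built only from the CVE text. It shows the vulnerable fall-through pattern beside the hardened form, and the tester's check of comparing device state before and after the command rather than trusting the reply.

```python
"""Model of the authorization bug described for CVE-2018-17178.

Added illustration, not Neato firmware code: the handler names, the
session/eco state model, the token check and the command strings are
assumptions derived only from the CVE description.
"""
from dataclasses import dataclass
from typing import Callable, Optional

# Command names taken from the CVE description.
DRIVE_COMMANDS = {"forward", "back", "arc-left", "arc-right",
                  "pivot-left", "pivot-right"}
ECO_COMMANDS = {"eco-on", "eco-off"}
AUTH_ERROR = {"message": "invalid authorization header"}


@dataclass
class RobotState:
    session_active: bool = False      # an active manual-drive session
    direction: Optional[str] = None   # last accepted drive direction
    eco: bool = False                 # eco mode flag


def valid_auth(header: Optional[str]) -> bool:
    """Placeholder credential check (assumption; the real check is not
    described in the CVE). Only a fixed constructed token is accepted."""
    return header == "Bearer constructed-valid-token"


def apply_command(state: RobotState, cmd: str) -> bool:
    """Effect of a command as the CVE describes it: drive commands only
    matter while a session is active; eco toggles take effect regardless.
    Returns True if the device state changed."""
    if cmd in ECO_COMMANDS:
        state.eco = (cmd == "eco-on")
        return True
    if cmd in DRIVE_COMMANDS and state.session_active:
        state.direction = cmd
        return True
    return False  # interpreted, but no effect without active driving


def handle_vulnerable(state: RobotState, cmd: str,
                      auth_header: Optional[str]) -> dict:
    """Vulnerable pattern: the error reply is prepared, but the handler
    falls through and still dispatches the command."""
    reply = dict(AUTH_ERROR) if not valid_auth(auth_header) else {"message": "ok"}
    apply_command(state, cmd)  # BUG: runs regardless of the auth result
    return reply


def handle_fixed(state: RobotState, cmd: str,
                 auth_header: Optional[str]) -> dict:
    """Hardened pattern: reject before dispatch, so the reply and the
    device behaviour agree."""
    if not valid_auth(auth_header):
        return dict(AUTH_ERROR)
    apply_command(state, cmd)
    return {"message": "ok"}


def unauthenticated_has_effect(handler: Callable, session_active: bool,
                               cmd: str) -> bool:
    """Tester's check: send the command with no Authorization header and
    compare device state before and after, instead of trusting the reply."""
    state = RobotState(session_active=session_active)
    before = (state.direction, state.eco)
    handler(state, cmd, None)
    return (state.direction, state.eco) != before


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        for session, cmd in ((True, "forward"), (False, "forward"), (False, "eco-on")):
            moved = unauthenticated_has_effect(handler, session, cmd)
            print(f"{name:10} session={session!s:5} {cmd:8} effect={moved}")
```

Running the module prints a small matrix: against the vulnerable handler an unauthenticated forward command changes the drive direction whenever a session is active, and eco-on changes state even without one, while the reply in every case is the same "invalid authorization header" message; the fixed handler changes nothing. The probe deliberately ignores the reply dictionary, which is the point: the only trustworthy evidence of rejection is unchanged device state.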

Do I need to act?

EPSS: 0.10% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 5.3/10 Medium (attack vector ADJACENT_NETWORK, attack complexity HIGH)

Affected Products (5)

Botvac D4 Connected Firmware
Botvac D6 Connected Firmware
Botvac D5 Connected Firmware
Botvac D7 Connected Firmware
Botvac D3 Connected Firmware

Affected Vendors

Neato

Risk score 26/100 (low-risk)
Severity 14/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 12/34 · Low