CVE-2018-17178

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
neatoroboticsbotvac_d4_connected_firmware
2.2.0
neatoroboticsbotvac_d6_connected_firmware
2.2.0
neatoroboticsbotvac_d5_connected_firmware
2.2.0
neatoroboticsbotvac_d7_connected_firmware
2.2.0
neatoroboticsbotvac_d3_connected_firmware
2.2.0
𝑥
= Vulnerable software versions
References
https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners
https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners