CVE-2018-17176 - OpenCVE

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Neatorobotics	Botvac D4 Connected Botvac D4 Connected Firmware Botvac D6 Connected Botvac D6 Connected Firmware Botvac D7 Connected Botvac D7 Connected Firmware

Configuration 1 [-]

AND

cpe:2.3:h:neatorobotics:botvac_d4_connected:-:*:*:*:*:*:*:*

cpe:2.3:o:neatorobotics:botvac_d4_connected_firmware:2.2.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:neatorobotics:botvac_d6_connected:-:*:*:*:*:*:*:*

cpe:2.3:o:neatorobotics:botvac_d6_connected_firmware:2.2.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:neatorobotics:botvac_d7_connected:-:*:*:*:*:*:*:*

cpe:2.3:o:neatorobotics:botvac_d7_connected_firmware:2.2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-18T18:00:00Z

Updated: 2024-09-16T20:43:30.682Z

Reserved: 2018-09-18T00:00:00Z

Link: CVE-2018-17176

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-18T18:29:08.897

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-17176

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-18T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17176", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners", "refsource": "MISC", "url": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:39:59.605Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17176", "datePublished": "2018-09-18T18:00:00Z", "dateReserved": "2018-09-18T00:00:00Z", "dateUpdated": "2024-09-16T20:43:30.682Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:neatorobotics:botvac_d4_connected:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AAFEF4A-DBE0-4ED5-BC9B-DE085A4B17A1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:neatorobotics:botvac_d4_connected_firmware:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5F39FEF-F0CD-47D3-A76F-20688D6F2E58", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:neatorobotics:botvac_d6_connected:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFD5F294-65E5-4D9E-A6D6-BE61333FBD16", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:neatorobotics:botvac_d6_connected_firmware:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "63C8908D-FD7C-446C-B85B-C312B5337294", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:neatorobotics:botvac_d7_connected:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC421B90-A38E-45D9-AF16-ACFC332093D2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:neatorobotics:botvac_d7_connected_firmware:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "30356F2E-BB23-45B3-BAE7-D0CBAF4BA6C8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all."}, {"lang": "es", "value": "Se ha descubierto un problema de reproducci\u00f3n en dispositivos Neato Botvac Connected 2.2.0. El modo de control manual requiere autenticaci\u00f3n pero, una vez grabada, la autenticaci\u00f3n (transmitida siempre en texto claro) puede reproducirse en /bin/webserver en el puerto 8081. No hay nonces y las marcas de tiempo no se comprueban."}], "id": "CVE-2018-17176", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-18T18:29:08.897", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}]}