Vulnerabilities > Neatorobotics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2018-19441 | Use of Insufficiently Random Values vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 An issue was discovered in Neato Botvac Connected 2.2.0. | 4.7 |
| 2019-04-25 | CVE-2018-19442 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443). | 9.8 |
| 2019-02-23 | CVE-2018-20785 | Unspecified vulnerability in Neatorobotics products Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. | 7.4 |
| 2018-10-24 | CVE-2018-18638 | OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. | 8.1 |
| 2018-09-18 | CVE-2018-17178 | Unspecified vulnerability in Neatorobotics products An issue was discovered on Neato Botvac Connected 2.2.0 devices. high complexity neatorobotics | 5.3 |
| 2018-09-18 | CVE-2018-17177 | Inadequate Encryption Strength vulnerability in Neatorobotics products An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. | 2.4 |
| 2018-09-18 | CVE-2018-17176 | Authentication Bypass by Capture-replay vulnerability in Neatorobotics products A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. | 7.5 |