Vulnerabilities > Neatorobotics > Botvac Connected Firmware
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-27 | CVE-2018-19441 | Use of Insufficiently Random Values vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 | An issue was discovered in Neato Botvac Connected 2.2.0. | 4.7 |
2019-04-25 | CVE-2018-19442 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 | A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443). | 9.8 |
2019-02-23 | CVE-2018-20785 | Unspecified vulnerability in Neatorobotics products | Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. | 7.4 |
2018-10-24 | CVE-2018-18638 | OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 | A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. | 8.1 |