Vulnerabilities > Neatorobotics > Botvac Connected Firmware > High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-23	CVE-2018-20785	Unspecified vulnerability in Neatorobotics products Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. local high complexity neatorobotics	7.4
2018-10-24	CVE-2018-18638	OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. network high complexity neatorobotics CWE-78	8.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.