CVE-2018-17176

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

Information

Published : 2018-09-18 06:29

Updated : 2020-08-24 05:37


NVD link : CVE-2018-17176

Mitre link : CVE-2018-17176

Products Affected
No products.
CWE
CWE-294

Authentication Bypass by Capture-replay