CVE-2018-17177 - OpenCVE

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Neatorobotics	Botvac D4 Connected Firmware Botvac D5 Connected Firmware Botvac 85 Firmware Botvac 85 Connected Botvac D7 Connected Botvac D6 Connected Firmware Botvac D3 Connected Botvac D5 Connected Botvac D6 Connected Botvac D3 Connected Firmware Botvac D7 Connected Firmware Botvac D4 Connected

Configuration 1 [-]

AND

cpe:2.3:o:neatorobotics:botvac_d4_connected_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:h:neatorobotics:botvac_d4_connected:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:neatorobotics:botvac_d6_connected_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:h:neatorobotics:botvac_d6_connected:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:neatorobotics:botvac_d5_connected_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:h:neatorobotics:botvac_d5_connected:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:neatorobotics:botvac_d7_connected_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:h:neatorobotics:botvac_d7_connected:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:neatorobotics:botvac_d3_connected_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:h:neatorobotics:botvac_d3_connected:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:neatorobotics:botvac_85_firmware:1.2.1:*:*:*:*:*:*:*

cpe:2.3:h:neatorobotics:botvac_85_connected:-:*:*:*:*:*:*:*

References

Link	Resource
https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:09

Updated: 2022-10-03T16:22:09

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-17177

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-09-18T18:29:09.257

Modified: 2021-06-17T17:29:13.487

Link: CVE-2018-17177

JSON object: View

Redhat Information

No data.

CWE

CWE-326