Shodan
Maps
Images
Monitor
Developer
More...
Dashboard
View Api Docs
Vulnerabilities
By Date
Known Exploited
Advanced Search
Vulnerable Software
Vendors
Products
Vulnerability Details CVE-2018-18638
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score
0.051
EPSS Ranking
89.3%
CVSS Severity
CVSS v3 Score
8.1
CVSS v2 Score
9.3
References
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/march/security-in-a-vacuum-hacking-the-neato-botvac-connected-part-1/
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/march/security-in-a-vacuum-hacking-the-neato-botvac-connected-part-1/
Products affected by CVE-2018-18638
Neatorobotics
»
Botvac Connected
»
Version:
N/A
cpe:2.3:h:neatorobotics:botvac_connected:-
Neatorobotics
»
Botvac Connected Firmware
»
Version:
2.2.0
cpe:2.3:o:neatorobotics:botvac_connected_firmware:2.2.0
Products
Monitor
Search Engine
Developer API
Maps
Bulk Data
Images
Snippets
Pricing
Membership
API Subscriptions
Enterprise
Contact Us
support@shodan.io
Shodan ® - All rights reserved