CVE-2018-18638
Summary
| CVE | CVE-2018-18638 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-24 22:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Neatorobotics | Botvac Connected | - | All | All | All |
| Operating System | Neatorobotics | Botvac Connected Firmware | 2.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/march/security-in-a... | MISC | www.nccgroup.trust | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.