CVE-2018-20785

Name of the Vulnerable Software and Affected Versions: Neato Botvac Connected version 2.2.0

Description: The issue allows for secure boot bypass and memory extraction on the affected device. During startup, the secure boot feature can be bypassed by sending specific commands to the USB serial port, which enables the execution of an unsigned system image. This bypass also allows an attacker to extract memory contents, including the original firmware and sensitive information such as Wi-Fi credentials.

Recommendations: For Neato Botvac Connected version 2.2.0, as a temporary workaround, consider restricting access to the USB serial port to minimize the risk of exploitation. Additionally, avoid using the device until a patch or fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.